Bugtraq mailing list archives

Re: Postnuke XSS fixed
From: Sebastian Konstanty Zdrojewski <s.zdrojewski () not2you com>
Date: Thu, 03 Oct 2002 09:10:23 +0200

I saw the problem has been solved, and the GET requests you proposed below are no
longer working. But if you use the following GET, the popup appears again:

on the url http://news.postnuke.com/modules.php

the get


Best Regards,


Daniel Woods wrote:

 >Not so fast on the praise :(
 >It only took me a couple of workarounds to find ways to bypass the check.
 >  http://news.postnuke.com/modules.php
 >Using the request...
 >gives me the DB Error: message
 >And using the request...
 >gives me the Alert Popup and DB Error: message...  the '+' is treated as a blank.
 >Thanks... Dan.

Sebastian Konstanty Zdrojewski
IT Analyst

Neticon a brand of Every Level S.r.l.
Via Valtellina 16 - 20159 Milano - MI - Italy

Phone    (+39)
E-Mail   s.zdrojewski () neticon it
Website  http://www.neticon.it
