
[Gnuheter-dev] Yet another XSS vulnerability in PHP NUKE (fwd)


From: Ulf Harnhammar
Subject: [Gnuheter-dev] Yet another XSS vulnerability in PHP NUKE (fwd)
Date: Fri, 27 Sep 2002 22:18:51 +0200 (CEST)

The Bugtraq people have found a few more Cross-Site Scripting security holes
in PHP-Nuke over the last few days. Someone could find out which of
these Gnuheter is vulnerable to.

The Cross Site Scripting FAQ:
http://www.cgisecurity.net/articles/xss-faq.shtml

// Ulf Härnhammar
address@hidden
http://www.metaur.nu/


---------- Forwarded message ----------
Date: 26 Sep 2002 23:54:51 -0000
From: address@hidden
To: address@hidden
Subject: Yet another XSS vulnerability in PHP NUKE



Tested ON:                  
PHP-Nuke 6.0                 
Netscape 7.0                 
Internet Explorer 5.5   
Mozilla - unknown version partially tested    
----------------------------------------------
Description:

There is yet another XSS vulnerability in PHP-Nuke 6.0
[possibly older versions as well]. The vulnerability
lies in the Web Links search field. I have tested this
using two scripts. The first one we will discuss is
"<Img src="http://www.ersatz-crew.org/test.gif">" 
[where test.gif is just a gif on my site] and the
second one is 
"<script>alert('Testing')</script>"
 
-----------------------------------------------

"<Img src="http://www.ersatz-crew.org/test.gif">" 

To complete this exploit all you have to do is put the
above script in the search field of the web links section.

Netscape 7.0 - 

This will not show the .gif but it does cause the links
below for Alta Vista, HotBot and others to show some
source of the link as part of the link making the page
look odd.

Internet Explorer 5.5

Pretty much same result except will show an image of an
invalid picture [i.e. box with red x through it ]

Mozilla -
With Mozilla it will actually show the .gif


-------------------------------------------------------

"<script>alert('Testing')</script>"

To complete this exploit all you have to do is put the
above script in the search field of the web links section.

Netscape 7.0

Will cause a pop up box saying testing to come up.
Takes at least 6 or 7 clicks of ok to get this to go
away. Also shows the source to the links as well

Internet Explorer 5.5

Also brings the Testing box up but one click and it
will stay away. This also will make the links appear in
source code.

Mozilla -
This script was not tested on Mozilla but I expect will
be the same result.

------------------
Thanks:
Thanks to C0llisi0n for helping me test this.

------------------
Vulnerability brought to you by ersatz
(address@hidden)
http://www.unixhideout.com
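
The symptoms in the forwarded report (markup from the search string rendering, and link source spilling into the page) fit a search string that is written into both the page text and the external search links without encoding. The following is an added example, not PHP-Nuke code and not part of either message: it assumes that layout, and its function names and engine URLs are hypothetical placeholders.

```php
<?php
// Added example; not PHP-Nuke source. Function names are hypothetical.

// Placeholder engine endpoints (constructed for this example).
const ENGINES = [
    'Alta Vista' => 'https://altavista.example/search?q=',
    'HotBot'     => 'https://hotbot.example/search?q=',
];

// HTML text/attribute context: encode <, >, & and both quote characters.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the query is concatenated straight into markup, so a tag or a
// quote in it becomes part of the page and ends the href value early.
function render_unsafe(string $query): string
{
    $out = "<p>Search results for: $query</p>\n";
    foreach (ENGINES as $name => $base) {
        $out .= "<a href=\"$base$query\">$name</a>\n";
    }
    return $out;
}

// After: URL-encode for the query-string context first, then HTML-encode
// the complete attribute value; HTML-encode the echoed text separately.
function render_safe(string $query): string
{
    $out = '<p>Search results for: ' . h($query) . "</p>\n";
    foreach (ENGINES as $name => $base) {
        $href = $base . rawurlencode($query);
        $out .= '<a href="' . h($href) . '">' . h($name) . "</a>\n";
    }
    return $out;
}

// Constructed input modelled on the second test string in the report.
$query = "<script>alert('Testing')</script>";
$safe  = render_safe($query);

// The hardened output must not contain a live tag from the query.
if (stripos($safe, '<script') !== false) {
    throw new RuntimeException('query markup reached the page unescaped');
}
echo $safe;
```

The order matters in `render_safe`: encoding for the URL first and for HTML second keeps a quote in the query from closing the `href` attribute, which is the "source of the link as part of the link" effect the report describes.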




