OSEC

 
From: frog frog (leseulfroghotmail.com)
Date: Fri Dec 14 2001 - 19:47:27 CST


    Here are a few holes that I've found in PHPNuke.
    5 Cross Site Scripting.

    http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=[JAVASCRIPT]

    http://phpnuke.org/modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=[JAVASCRIPT]

    http://phpnuke.org/modules.php?op=modload&name=Members_List&file=index&letter=[JAVASCRIPT]

    http://phpnuke.org/submit.php?subject=[JAVASCRIPT]&story=[JAVASCRIPT]&storyext=[JAVASCRIPT]&op=Preview

    http://phpnuke.org/user.php?op=userinfo&uname=[JAVASCRIPT] ==> This hole was not found by Aurelien Cabezon.


    and /admin.php?upload=Go!, which is the same as upload=1.

    frog-man
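
For sites running an affected PHPNuke, the script and parameter pairs listed in the post can be checked for in web server access logs. The following is an added example, not part of the original post: it assumes Common Log Format lines, uses a simple marker heuristic that is an assumption to tune, and runs over constructed sample lines.

```python
from urllib.parse import urlsplit, parse_qs

# (script path, parameter) pairs taken from the URLs listed in the post.
REPORTED = {
    ("/modules.php", "ttitle"), ("/modules.php", "letter"),
    ("/submit.php", "subject"), ("/submit.php", "story"),
    ("/submit.php", "storyext"), ("/user.php", "uname"),
}

# Assumption: a value is suspicious if, once URL-decoded, it carries HTML
# metacharacters or a script URL scheme. Expect false positives (apostrophes).
MARKERS = ("<", ">", '"', "'", "javascript:")

def suspicious_params(request_target):
    """Return the reported parameters whose decoded value looks like markup."""
    parts = urlsplit(request_target)
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name, values in query.items():
        if (parts.path, name) not in REPORTED:
            continue  # only the parameters named in the post are checked
        if any(m in v.lower() for v in values for m in MARKERS):
            hits.append(name)
    return sorted(hits)

def scan(log_lines):
    """Yield (client, path, params) for Common Log Format lines that match."""
    for line in log_lines:
        try:
            client = line.split(" ", 1)[0]
            target = line.split('"')[1].split(" ")[1]
        except IndexError:
            continue  # not a request line this parser understands
        hits = suspicious_params(target)
        if hits:
            yield client, urlsplit(target).path, hits

# Constructed sample lines (not from the post); the values are inert markup.
SAMPLE = [
    '192.0.2.10 - - [14/Dec/2001:19:40:01 -0600] "GET /modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=%3Cb%3Ex%3C%2Fb%3E HTTP/1.0" 200 5120',
    '192.0.2.11 - - [14/Dec/2001:19:41:12 -0600] "GET /user.php?op=userinfo&uname=frog HTTP/1.0" 200 2048',
    '192.0.2.12 - - [14/Dec/2001:19:42:30 -0600] "GET /submit.php?subject=hi&story=%22%3E%3Ci%3Ey&op=Preview HTTP/1.0" 200 4096',
]

for hit in scan(SAMPLE):
    print(hit)
```

A match only shows that markup was sent to one of the reported parameters; whether it was reflected unescaped depends on the installed PHPNuke version.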