From: frog frog (leseulfroghotmail.com)
Date: Fri Dec 14 2001 - 15:30:46 CST

    Here are a few holes that I've found in PHPNuke.
    5 "Cross Site Scripting".

    http://phpnuke.org/modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=[JAVASCRIPT]

    http://phpnuke.org/modules.php?name=Downloads&d_op=ratedownload&lid=118&ttitle=[JAVASCRIPT]

    http://phpnuke.org/modules.php?op=modload&name=Members_List&file=index&letter=[JAVASCRIPT]

    http://phpnuke.org/submit.php?subject=[JAVASCRIPT]&story=[JAVASCRIPT]&storyext=[JAVASCRIPT]&op=Preview

    http://phpnuke.org/user.php?op=userinfo&uname=[JAVASCRIPT]


    and /admin.php?upload=Go!, which is the same as upload=1.

    frog-mn
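
For site operators reviewing web server logs, the following is an added example, not part of the original post and not PHPNuke code: it flags requests where one of the parameters listed above carries markup, including double URL-encoded markup. It assumes Apache combined-format log lines; the function names, the marker pattern and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Script name -> parameters the post reports as reflected into the page.
REFLECTED = {
    "modules.php": {"ttitle", "letter"},
    "submit.php": {"subject", "story", "storyext"},
    "user.php": {"uname"},
}
# Markup that a title, initial letter or user name has no reason to contain.
MARKUP = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Peel extra URL-encoding layers so double-encoded markup is still seen."""
    for _ in range(rounds):
        peeled = unquote_plus(value)
        if peeled == value:
            break
        value = peeled
    return value

def suspicious_params(target):
    """Return sorted (parameter, decoded value) pairs that carry markup."""
    parts = urlsplit(target)
    watched = REFLECTED.get(parts.path.rsplit("/", 1)[-1], set())
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    return sorted((name, decode(v)) for name, values in query.items()
                  if name in watched for v in values if MARKUP.search(decode(v)))

def scan(log_lines):
    """Return (client, request target, hits) for each flagged log line."""
    flagged = []
    for line in log_lines:
        m = REQUEST.match(line)
        hits = suspicious_params(m.group(2)) if m else []
        if hits:
            flagged.append((m.group(1), m.group(2), hits))
    return flagged

# Constructed sample lines (documentation addresses, harmless marker values).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Dec/2001:15:30:46 -0600] "GET /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=My+Download HTTP/1.0" 200 5120',
    '192.0.2.44 - - [14/Dec/2001:15:31:02 -0600] "GET /user.php?op=userinfo&uname=%253Cscript%253Ex%253C%252Fscript%253E HTTP/1.0" 200 2048',
    '192.0.2.44 - - [14/Dec/2001:15:31:09 -0600] "GET /submit.php?subject=%3Cb%3Ex%3C%2Fb%3E&story=hello&op=Preview HTTP/1.0" 200 3072',
    '192.0.2.7 - - [14/Dec/2001:15:32:40 -0600] "GET /index.php?q=%3Cb%3E HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for client, target, hits in scan(SAMPLE_LOG):
        print(client, target, hits)
```

A hit means markup was sent in a reflected parameter, not that it executed in a browser; the fix itself is HTML-encoding these values on output in the affected scripts.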