PHP-Nuke 6.5 – ‘modules.php?Username’ Cross-Site Scripting-安全小百科

PHP-Nuke 6.5 – ‘modules.php?Username’ Cross-Site Scripting

漏洞ID	1053869	漏洞类型
发布时间	2003-05-13	更新时间	2003-05-13
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	PHP	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/22595

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

source: http://www.securityfocus.com/bid/7570/info

A cross site scripting vulnerability has been reported for PHP-Nuke. Specifically, PHP-Nuke does not sufficiently sanitize user-supplied input for the 'username' URI parameter to the modules.php script.

This may allow for theft of cookie-based authentication credentials and other attacks. 

http://[victim]/modules.php?name=Your_Account&op=userinfo&
username=bla<script>alert(document.cookie)</script>

相关推荐: AIX more(1) Insecure Temporary File Creation Vulnerability

AIX more(1) Insecure Temporary File Creation Vulnerability 漏洞ID 1104945 漏洞类型 Origin Validation Error 发布时间 1998-07-21 更新时间 1998-07-…

文章版权归作者所有，未经允许请勿转载。

THE END