https://www.exploit-db.com/exploits/25642
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1065

Tru-ZoneNukeET3.0及3.1版本的security.php存在跨站脚本攻击(XSS)漏洞，远程攻击者可通过base64编码的Codigo参数来注入任意Web脚本或HTML。

source: http://www.securityfocus.com/bid/13570/info

NukeET is prone to a cross-site scripting vulnerability.

The source of this issue is that HTML and script code is not properly sanitized from URI variables before being output in a dynamically generated Web page. However, to successfully trigger the issue, HTML and script code may be Base64-encoded when passed as a URI variable argument.

An attacker may exploit the issue by enticing a user to following a link that includes hostile Base64-encoded HTML and script code. The malicious input will be decoded by the application and may then be rendered in the browser of the user who visits the link.

The following Base64-encoded string is equivalent to <script>alert()</script><h1>XSS PoW@ !!!</h1>:

PHNjcmlwdD5hbGVydCgpPC9zY3JpcHQ+PGgxPlhTUyBQb1dAICEhITwvaDE+

http://www.example.com/security.php?codigo=
PHNjcmlwdD5hbGVydCgpPC9zY3JpcHQ+PGgxPlhTUyBQb1dAICEhITwvaDE+

来源:BID
名称:13570
链接:http://www.securityfocus.com/bid/13570
来源:OSVDB
名称:16214
链接:http://www.osvdb.org/16214
来源:SECTRACK
名称:1013936
链接:http://securitytracker.com/id?1013936
来源:MISC
链接:http://lostmon.blogspot.com/2005/05/nukeet-codigo-variable-cross-site.html
来源:XF
名称:nukeet-securityphp-xss(20540)
链接:http://xforce.iss.net/xforce/xfdb/20540
来源:SECUNIA
名称:15332
链接:http://secunia.com/advisories/15332