PHP Nuke v5.5 has a cross site scripting vulnerability. Exploit information included.
ea0a2f907d32e11a8d8ea2a9d231190a234851a4b50bf5f9b2a309b314e8c10aPHP-Nuke is a PHP based portal management system used at thousands of
sites. A Cross Site Scripting vulnerability has been discovered in the
PHP-Nuke version 5.5 and prior versions. There is a function called
Private Messages in PHP-Nuke by which the registered users of the site
can send messages to the other registered users of site. A user can also
send a HTML formatted message and can even embed JavaScript in it.
Now, if the user sends a malicious JavaScript embedded message to
someone then the JavaScript would be executed on the receiver's browser.
-------------Sample Message----------------
You have been screwed!
<script>alert(document.cookie)</script>
-------------------------------------------
Thus it also allows an attacker to reveal the critical information such
as cookies related to that site and get hold on his account even on
admin. Get this and more at https://hackergurus.tk
Regards,
Ravish
ravishahuja1@yahoo.com
https://hackergurus.tk
Hacker Gurus:: Geeks With Attitude
https://hackergurus.tk
Sign up now to recieve all the latest news and updates right in your
mailbox.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed