PHP-Nuke (ALL versions) Multiple XSS and HTML injection

2007.08.08
Credit: Mikispag
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2007-4212
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

PHP-Nuke ALL versions Search Module multiple XSS and HTML injection ------------------------------------------------------------------- The well-known PHP-Nuke CMS is vulnerable to multiple XSS attacks and HTML injections through the Search Module. The request is made using POST, but the whole process can be automatized creating an ad-hoc page to send to the victim with an auto-submitting forum using POST as method and the vulnerable URL (http://vulnsite.com/modules.php?name=Search) as ACTION. Both the XSS and the HTML injection work on IE 6/7 and Firefox (ALL versions), with every server and php.ini configuration. You may use the following queries for testing. *XSS*: <img src=http://www.microsoft.com/404.jpg style=display:none onerror=XSS_HERE < <iframe src=http://www.google.com style=display:none onload=XSS_HERE < For example: <img src=http://www.microsoft.com/404.jpg style=display:none onerror=alert(document.cookie) < <iframe src=http://www.google.com style=display:none onload=alert(document.cookie) < *HTML injection*: Examples: <meta http-equiv=refresh content=1;url=http://evilsite.com < Obviosuly, using XSS a malicious hacker can obtain some sensitive and confidential information like cookies, or set up a phishing attack. Mikispag


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top