List: bugtraq
Subject: [SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2
From: Maksymilian Arciemowicz <max () jestsuper ! pl>
Date: 2005-02-28 21:03:04
Message-ID: 20050228210304.14990.qmail () www ! securityfocus ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2]
Author: cXIb8O3(Maksymilian Arciemowicz)
Date: 19.2.2005
from securityreason.com TEAM
- --- 0.Description ---
PostNuke: The Phoenix Release (0.750) and (0.760-RC2)
PostNuke is an open source, open development content management system
(CMS). PostNuke started as a fork from PHPNuke (http://www.phpnuke.org) and
provides many enhancements and improvements over the PHP-Nuke system. PostNuke
is still undergoing development but a large number of core functions are now
stabilising and a complete API for third-party developers is now in place.
If you would like to help develop this software, please visit our homepage
at http://noc.postnuke.com/
You can also visit us on our IRC Server irc.postnuke.com channel
#postnuke-support
#postnuke-chat
#postnuke
Or at the Community Forums located at:
http://forums.postnuke.com/
- --- 1. Critical XSS in Download module ---
When we go to this URL:
http://[HOST]/[DIR]/modules.php?op=modload&name=Downloads&file=index&req=AddDownload
or
We can add XSS by passing unexpected data to the 'Program name', 'File link',
'Author's name', 'Author's e-mail address', 'File size', 'Version' or 'Home page'
variable.
For example:
"><script>alert('cXIb8O3');</script>
Why is this XSS critical?
Because when the admin logs in and tries to view new downloads, our XSS will run on
his machine. An attacker can create a dangerous XSS to steal data (the admin cookie
with the session) or change the site.
- --- 2. How to fix ---
Download the new version of the script or update.
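For sites that cannot update at once, the general remedy for the problem in section 1 is to encode every submitted field when it is written into the admin review page. The following is an added example, not PostNuke code and not from the original advisory; the function names, array keys and table layout are assumptions made for illustration.

```php
<?php
// Added example; function names and array keys are hypothetical, not PostNuke's API.

// Encode a stored value for an HTML text node or a quoted attribute.
function esc_html(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close an
    // attribute and open a new tag.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs for the link fields; otherwise return ''.
function safe_link(string $value): string
{
    $value = trim($value);
    if (filter_var($value, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($value, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $value : '';
}

// Render one pending submission as a row of the admin review table.
function render_pending_row(array $row): string
{
    $link = safe_link($row['url'] ?? '');
    $name = esc_html($row['title'] ?? '');
    $cell = $link === ''
        ? $name . ' (link rejected)'
        : '<a href="' . esc_html($link) . '">' . $name . '</a>';
    return '<tr><td>' . $cell . '</td><td>'
        . esc_html($row['author'] ?? '') . '</td><td>'
        . esc_html($row['version'] ?? '') . '</td></tr>';
}

// Constructed sample: the advisory's test string submitted in every field.
$payload = '"><script>alert(\'cXIb8O3\');</script>';
$pending = ['title' => $payload, 'url' => $payload,
            'author' => $payload, 'version' => $payload];

// The pattern the advisory describes: the stored value is written as-is.
echo "unescaped: <td>" . $pending['title'] . "</td>\n";
// The same record with every field encoded at output time.
echo "escaped:   " . render_pending_row($pending) . "\n";
```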
- --- 3. Greets ---
only for sp3x.... and ladyBMS
- --- 4.Contact ---
Author: Maksymilian Arciemowicz
Location: Poland(Jelenia Gora), Luxembourg(Bereldange)
Email: max [at] jestsuper [dot] pl
GPG-KEY: http://security.jestsuper.pl
SECURITYREASON.COM TEAM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQFCI3y3znmvyJCR4zQRAtNOAJ99VTZa9wY+JLiq3aCYK8rZyvIZmACeJTbF
L6pS+erISCfwB8aT/bmPanM=
=QqTD
-----END PGP SIGNATURE-----