Exploit Michael Schatz Books 0.54/0.6 PostNuke Module - Cross-Site Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21903
Проверка EDB
  1. Пройдено
Автор
PISTONE
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2002-10-03
Код:
source: https://www.securityfocus.com/bid/5882/info

Books is a module written for PostNuke. Reportedly, Books is prone to cross site scripting attacks.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and script code. The attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the vulnerable module.

Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user.

http://servernuke/modules.php?op=modload&name=books&file=index&req=search&query=
<script>alert(document.cookie)</script>
 
Источник
www.exploit-db.com

Похожие темы