- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23814
- Проверка EDB
-
- Пройдено
- Автор
- JANEK VIND
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2004-1817
- Дата публикации
- 2004-03-15
Код:
source: https://www.securityfocus.com/bid/9879/info
It has been reported that PHP-Nuke may be prone to multiple cross-site scripting vulnerabilities. These vulnerabilities occur due to insufficient sanitization of user-supplied data via the 'Your Name', 'nicname', 'fname', 'ratenum', and 'search' fields of 'modules.php' script. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
http://www.example.com/nuke71/modules.php?name=Recommend_Us&op=SiteSent&fname=>[xss code here]
http://www.example.com/nuke71/modules.php?name=Downloads&d_op=TopRated&ratenum=>[xss code here]&ratetype=x- Источник
- www.exploit-db.com
