Results 1 to 3 of 3

Thread: Another PHP-NUKE XSS Exploit

  1. #1
    Senior Member
    Join Date
    Dec 2001
    Posts
    304

    Another PHP-NUKE XSS Exploit

    This one was found by me and is currently awating moderation on bugtraq


    Affected Versions:

    PHP-Nuke 6.0 [ possibly others ]

    -----------------------
    Tested With:

    Netscape 7.0
    Mozilla 1.01 -->partial testing
    IE 5.5

    --------------------------
    Discussion:

    There is another XSS vulnerability in the popular Nuke software this one being 6.0 and possibly other versions. A recent one has been reported within the search feild of the topics but this one resides in the search feild of Web Links

    Depending on what browser you are using you will get different results:

    1. "<script>alert('Testing')</script>"

    Netscape 7.0 -

    With netscape it will pop up a box that says testing and when you close it it just opens again. This is done several times and then it closes. Also the links below [ ie google, hotbot and some others ] The links are still links but they show some of the source of the page. Also as I said the test box comes up it appears to be for each one of these search options. It loads them one at a time and for each one it brings up the testing box.

    Internet Explorer 5.5 -

    This just brings up one box and when you close it is gone. Links still show some source

    Mozilla --

    Not tested but expect same results



    2. ""

    Netscape:

    Again this just messes up the links so they show some of the source but they still are links

    IE 5.5

    This actually attempts to show the pic but unsucessful , just puts the little box with a red x threw it on the page. Links are also all wacky

    Mozilla

    The picture will actually show with mozilla. Uncertain as to how the links look. had friend with mozilla check and all he said was it did show the pic

    ------------
    Proof -

    You can go to any site with PHP-NUke 6 and go to their weblink section and try it out. Or you can go to www.ersatz-crew.org and try it there. Feal free to check older version of nuke and possiby post nuke but i cannot garantee that they exist there




    As i said this was submitted by me allready, First submission so I am a bit exited. Just thought I would post it here for you all as well as a heads up or for something to discuss
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  2. #2
    Very good. I've tried out the "Testing" one you made there before with some other types of searches and came up with the same thing you did, it working. I think this is a good bug to find, because it could potentially cause some trouble. Update with what they say when they read your bug on BugTraq.

  3. #3
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    XSS bugs are bugs that are very hard to get out of your software.. There're probably many more waiting to be discovered and when those are found there will be even more in a next version. Now in this search bar it can be get out, because you don't have to put any code there, but I think XSS bugs wil exist as long as the user has the ability to put things he typed himself on a page, whatever way.
    Double Dutch

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •