>Subject: More Cross site Scripting in PHPNuke >Date: 23 Apr 2002 09:50:48 +0200 > >Cross site scripting is a serious problem, (even if some people >doesn't believe it), On this second round i'll show 8 new XSS >vulnerabilities in PHP Nuke (most of them are also path disclosure >vulns)
u can do other thing but it isn't exploitable :( a local hack: In the search input, you write: "><h1><marquee>Hacked by Shaolinn</marquee></h1><" The php file request the input, and finally write the html page something like this: <input type="text" name="search" value="$search_input_requested"> then when i write ">anyhtmlthing<" i am injecting html. really this have not any utility :) but, you can learn how injection works. -- Shaolinn -- _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.