PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
BID:12983
Info
PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 12983 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1023 CVE-2005-1024 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 03 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovery is credited to SecurityReason <[email protected]>. |
| Vulnerable: |
Francisco Burzi PHP-Nuke 7.6 Francisco Burzi PHP-Nuke 7.3 Francisco Burzi PHP-Nuke 7.3 Francisco Burzi PHP-Nuke 7.2 Francisco Burzi PHP-Nuke 7.1 Francisco Burzi PHP-Nuke 7.0 FINAL Francisco Burzi PHP-Nuke 7.0 Francisco Burzi PHP-Nuke 6.9 Francisco Burzi PHP-Nuke 6.7 Francisco Burzi PHP-Nuke 6.6 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6.5 Francisco Burzi PHP-Nuke 6.0 |
| Not Vulnerable: | |
Discussion
PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
PHPNuke is reported prone to multiple cross-site scripting vulnerabilities affecting various modules. The affected modules include 'Search', 'FAQ', and 'Encyclopedia'. The 'banners.php' script is also affected.
An attacker can exploit these issues by creating a malicious link containing HTML and script code and send this link to a vulnerable user. This can allow for theft of cookie-based authentication credentials and other attacks.
PHPNuke 7.6 and prior versions are reportedly affected by these issues.
PHPNuke is reported prone to multiple cross-site scripting vulnerabilities affecting various modules. The affected modules include 'Search', 'FAQ', and 'Encyclopedia'. The 'banners.php' script is also affected.
An attacker can exploit these issues by creating a malicious link containing HTML and script code and send this link to a vulnerable user. This can allow for theft of cookie-based authentication credentials and other attacks.
PHPNuke 7.6 and prior versions are reportedly affected by these issues.
Exploit / POC
PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
An exploit is not required.
The following examples are available:
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our query]
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=users&category=2
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=comments&category=2
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=stories&category=2
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=reviews&category=2
http://www.example.com/[nuke_dir]/modules.php?name=FAQ&myfaq=yes&id_cat=1&categories=45435[XSS]
http://www.example.com/[nuke_dir]/banners.php?op=EmailStats&login=[our_login]&cid=1&bid=[XSS]
http://www.example.com/[nuke_dir]/modules.php?name=Encyclopedia&file=index&op=terms&eid=1&ltr=[XSS]
An exploit is not required.
The following examples are available:
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our query]
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=users&category=2
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=comments&category=2
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=stories&category=2
http://www.example.com/[nuke_dir]/modules.php?name=Search&author=[author]&topic=0&min=999999999[XSS]&query=[our_query]&type=reviews&category=2
http://www.example.com/[nuke_dir]/modules.php?name=FAQ&myfaq=yes&id_cat=1&categories=45435[XSS]
http://www.example.com/[nuke_dir]/banners.php?op=EmailStats&login=[our_login]&cid=1&bid=[XSS]
http://www.example.com/[nuke_dir]/modules.php?name=Encyclopedia&file=index&op=terms&eid=1&ltr=[XSS]
Solution / Fix
PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
References:
References:
- Full path disclosure and XSS in PHPNuke (SecurityReason