TUCoPS :: Web :: PHP :: bt608.txt

cross site scripting htmltonuke 




I find a bug in some versions of htmltonuke.



servers with php-nuke installed are not vulnerables



some versions of htmltonuke only have permisions to acces to html files, 

but if you tipe the script before a invalid html file, the script are 

executed.



exploit:



http://www.example.com/htmltonuke.php?filnavn=[SCRIPT]%20example.html

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH