9 lines
No EOL
648 B
Text
9 lines
No EOL
648 B
Text
source: http://www.securityfocus.com/bid/3807/info
|
|
|
|
phptonuke.php is a PHPNuke AddOn script to insert a PHP script into the middle of a PHPNuke site. It is written and maintained by Lebios.
|
|
|
|
It is possible for a malicious user to create a link to the phptonuke.php script which contains script code. When an unsuspecting web user browses the link, the script code will be executed in their browser in the context of the PHPNuke site.
|
|
|
|
This type of attack may be used to hijack a legitimate user's session via theft of cookie-based authentication credentials.
|
|
|
|
http://phpnukesite/phptonuke.php?filnavn=<script>alert(document.cookie)</script> |