Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: bt608.txt

cross site scripting htmltonuke







I find a bug in some versions of htmltonuke.



servers with php-nuke installed are not vulnerables



some versions of htmltonuke only have permisions to acces to html files, 

but if you tipe the script before a invalid html file, the script are 

executed.



exploit:



http://www.example.com/htmltonuke.php?filnavn=[SCRIPT]%20example.html





TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH