simplog 0.9.3 and prior XSS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

simplog 0.9.3 and prior XSS

Subject: simplog 0.9.3 and prior XSS
Date: Sun, 06 Aug 2006 21:01:00 +0000
From: "piiiiiii pppiiiiiiii" <suppressed>

## HeLiOsZ - Dark End Team - Internet Security Team
## simplog 0.9.3 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &http://www.darkend.org

## Rish : Medium
## Type : web applet

## Creator: http://www.simplog.org/

## Exploit:
- The vuln is in the search section,it don't validate the imput.

To exploit this vuln you simply need an Internet Browser,you must only usea cookie

 logger to get the Blog cookies.

To know if it is vulnerable: <script>alert('This is an XSSVulnerability')</script>


## Dork: allinurl:simplog/archive.php

_________________________________________________________________

Don't just search. Find. Check out the new MSN Search!http://search.msn.com/

Prev by Date: RE: linksys WRT54g authentication bypass
Next by Date: Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability
Previous by thread: DeluxeBB Multiple Vulnerabilities
Next by thread: Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.