BlogPHP 2 Cross Site Scripting

2011-08-09T00:00:00
ID PACKETSTORM:103830
Type packetstorm
Reporter Paul Maaouchy
Modified 2011-08-09T00:00:00

Description

                                        
                                            `# Exploit Title: BlogPHP v2 - XSS  
# Google Dork: "Copyright ©2006 Powered by www.blogphp.net"  
# Date: 09/08/2011  
# Author: Paul Maaouchy( Paulzz )  
# Software Link: http://sourceforge.net/projects/blogphpscript/files/blogphpscript/2.0/BlogPHPv2.zip/download  
# Version: v2  
# Tested on:  
# CVE :  
How to exploit:  
1- Go there : http://localhost/blogphp/register.html.  
2- Put in the Username field the XSS Code. Example:<META http-equiv="refresh" content="0;URL=http://www.google.com"> .  
3- Put anything in the other field ( Password & E-mail).  
4- Now anyone go there : http://localhost/blogphp/members.html will redirected to google.com OR exploit your XSS Code.  
  
Paul Maaouchy ( Paulzz )  
Contact me  
@ spy.xp@hotmail.com  
@ paul.maaouchy@gmail.com  
@ paulmeouchi@paulmeouchi.com  
  
`