zeroblogXSS.txt

2005-10-12T00:00:00
ID PACKETSTORM:40654
Type packetstorm
Reporter trueend5
Modified 2005-10-12T00:00:00

Description

                                        
                                            `Software: ZeroBlog  
Vendor: http://www.sothq.net  
Version: 1.2a , 1.1f  
Bug: XSS  
Exploitation: Remote  
---------------------------  
Introduction:  
Zeroblog: Feature ritch weblog, d-board, live webcam  
(option, and requires 3th party software), calendar,  
poll system, photogallery, smileys, search engine, 80%  
customizable and many more... most pages and modules  
can be switched on and off, custom text fields and  
more!!   
---------------------------  
vulnerability:  
XSS Vulnerability in 'thread.php' that may allow a  
remote user to launch cross-site scripting attacks  
Using URL decode.  
This issue could permit a remote attacker to create a  
malicious URI link that includes hostile HTML and  
script code. If this link were to be followed, the  
hostile code may be rendered in the web browser of the  
victim user. This would occur in the security context  
of the affected Web site and may allow for theft of  
cookie-based authentication credentials or other  
attacks.  
  
----------------------------  
Demonstration URL:  
http://example.com/thread.php?threadID='%3CIFRAME%20SRC=javascript:alert(%2527XSS%2527)%3E%3C/IFRAME%3E  
-----------------------------  
Solution:  
There is no vendor-supplied patch for this issue at  
this time.  
-------------------------------  
Credits:  
Discovered & released by trueend5  
Security Science Researchers Institute Of Iran  
[KAPDA.ir]  
Original Advisory:  
http://irannetjob.com/content/view/141/28/  
  
  
  
  
__________________________________   
Yahoo! Music Unlimited   
Access over 1 million songs. Try it free.  
http://music.yahoo.com/unlimited/  
`