eggblog-xss.txt

13 Nov 2007 · Reported by Mesut Timur · Type: packetstorm · Source: packetstormsecurity.com

Eggblog v3.1.0 XSS vulnerability in home/rss.ph

Code
`H - Security Labs   
Eggblog v3.1.0 Security Advisory   
ID : HSEC#20071111   
General Information  
--------------------------  
Name : EggBlog v.3.1.0  
Vendor HomePage : http://sourceforge.net/projects/eggblog/  
Platforms : PHP && MySQL  
Vulnerability Type : Input Validation Error  
  
Timeline  
-------------------------  
08 October 2007 -- Vendor Contacted   
30 October 2007 -- Vendor Replied  
11 November 2007 -- New Release  
11 November 2007 -- Advisory Released  
  
  
What is Eggblog  
------------------------  
eggblog is a free PHP & MySQL blogging package. Features include an internal search engine, photo albums, forums, plug-ins, guest comments to blog articles, automatic monthly archiving of blog articles and RSS XML feeds for both the blog and forums.  
I discovered the security holes when I was testing it for my personal web blog.  
  
Vulnerability Overview  
------------------------  
The script is vulnerable to XSS attacks.  
  
Details About Vulnerability  
------------------------  
XSS Vulnerability (home/rss.php)  
  
At lines 6-7 of rss.php, $_SERVER['PHP_SELF'] is output unfiltered and can be used for XSS attacks.  
---------  
<a href=\"../rss/blog.php\">".$_SERVER['SERVER_NAME'].str_replace("/home/rss.php","",$_SERVER['PHP_SELF'])."/rss/blog.php</a></li>  
<a href=\"../rss/topics.php\">".$_SERVER['SERVER_NAME'].str_replace("/home/rss.php","",$_SERVER['PHP_SELF'])."/rss/topics.php</a></li>  
---------  
  
An attacker can successfully launch XSS attacks by appending a payload to the URL after home/rss.php. For example:  
http://www.example.com/home/rss.php/<script>alert(1)</script>  
  
Solutions  
-----------------------  
Download the new release : EggBlog v3.1.1  
  
Credits  
-----------------------  
The vulnerabilities were found on 08 October 2007  
by Mesut Timur <[email protected]>  
H - Security Labs , http://www.h-labs.org  
Gebze Institute of Technology, Computer Engineering, http://www.gyte.edu.tr  
  
References  
-----------------------  
http://sourceforge.net/forum/forum.php?forum_id=753622  
http://www.eggblog.net  
http://sourceforge.net/projects/eggblog/  
Original Advisory : http://www.h-labs.org/blog/2007/11/11/eggblog_v3_1_0_xss_issues.html  
  
Mesut TIMUR  
http://www.h-labs.org  
H - Security Labs Security Editor  
GYTE Computer Engineering  
`
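
The pattern from lines 6-7 of rss.php next to a hardened form, as an added example (not EggBlog source and not necessarily the fix shipped in v3.1.1). The function names and the `$server` array are hypothetical; its values are constructed to match the request URL in the advisory.

```php
<?php
// Added illustration, not EggBlog source. Function names are hypothetical.

// Mirrors the advisory's snippet: PHP_SELF (script path plus any trailing
// PATH_INFO supplied in the URL) is concatenated into HTML without escaping.
function feed_link_vulnerable(array $server, string $feed): string
{
    $base = $server['SERVER_NAME']
          . str_replace('/home/rss.php', '', $server['PHP_SELF']);
    return "<li><a href=\"../rss/$feed\">$base/rss/$feed</a></li>";
}

// Hardened: derive the base path from SCRIPT_NAME, which excludes PATH_INFO,
// and HTML-escape every dynamic value at the point of output.
function feed_link_hardened(array $server, string $feed): string
{
    $dir  = dirname(dirname($server['SCRIPT_NAME'])); // "/home/rss.php" -> "/"
    $base = $server['SERVER_NAME'] . rtrim($dir, '/\\');
    $href = htmlspecialchars("../rss/$feed", ENT_QUOTES, 'UTF-8');
    $text = htmlspecialchars("$base/rss/$feed", ENT_QUOTES, 'UTF-8');
    return "<li><a href=\"$href\">$text</a></li>";
}

// Constructed $_SERVER values for the request URL given in the advisory.
$server = [
    'SERVER_NAME' => 'www.example.com',
    'SCRIPT_NAME' => '/home/rss.php',
    'PHP_SELF'    => '/home/rss.php/<script>alert(1)</script>',
];

foreach (['blog.php', 'topics.php'] as $feed) {
    $bad  = feed_link_vulnerable($server, $feed);
    $good = feed_link_hardened($server, $feed);
    printf("%s\n  vulnerable: %s\n  hardened:   %s\n", $feed, $bad, $good);
    // The raw tag survives only in the vulnerable output.
    printf("  raw <script> present: vulnerable=%s hardened=%s\n",
        var_export(strpos($bad, '<script>') !== false, true),
        var_export(strpos($good, '<script>') !== false, true));
}
```

Escaping at output also covers `SERVER_NAME`, which on some server configurations is taken from the client's Host header.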
