UBlog Remote XSS Exploit

2006-05-11T00:00:00
ID SECURITYVULNS:DOC:12634
Type securityvulns
Reporter Securityvulns
Modified 2006-05-11T00:00:00

Description

Vunerability(s):

XSS Exploit

Product:

UBlog 1.6 Access Edition

Vendor:

http://www.uapplication.com/ublog/index.asp

Description of product:

Blog archive by date; Possibility to comment a blog; Notify via email; Password protected; Amend or remove blogs or comments; On-line configuration; Multilanguage support; Completely customisable look through CSS etc. Code: ASP 2.0 & VBScript

Vulnerability / Exploit:

The applications UBlog is vulnerable to an XSS (Cross-Site Scripting) Attack.

PoC / Proof of Concept:

If the poster post in the field *text: the follow script

<script>alert("You are vulnerabile to XSS")</script>

When a user go to see the blog he receive the message "You are vulnerabile to XSS". This is very boring.

Additional Information:

Google dorks: "Powered by UBlog"

Vendor Status

The vendor is informed!

Credits:

Cyber-Security.ORG | Turkish Hacking & Security Security advisory by SnoB