Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12634
HistoryMay 11, 2006 - 12:00 a.m.

UBlog Remote XSS Exploit

2006-05-1100:00:00
vulners.com
13
JSON

Vunerability(s):

XSS Exploit

Product:

UBlog 1.6 Access Edition

Vendor:

http://www.uapplication.com/ublog/index.asp

Description of product:

Blog archive by date; Possibility to comment a blog; Notify via email; Password protected;
Amend or remove blogs or comments; On-line configuration; Multilanguage support; Completely customisable
look through
CSS etc. Code: ASP 2.0 & VBScript

Vulnerability / Exploit:

The applications UBlog is vulnerable to an XSS (Cross-Site Scripting) Attack.

PoC / Proof of Concept:

If the poster post in the field *text: the follow script

<script>alert("You are vulnerabile to XSS")</script>

When a user go to see the blog he receive the message "You are vulnerabile to XSS".
This is very boring.

Additional Information:

Google dorks: "Powered by UBlog"

Vendor Status

The vendor is informed!

Credits:

Cyber-Security.ORG | Turkish Hacking & Security
Security advisory by SnoB

JSON