XSS Exploit
UBlog 1.6 Access Edition
http://www.uapplication.com/ublog/index.asp
Blog archive by date; Possibility to comment a blog; Notify via email; Password protected;
Amend or remove blogs or comments; On-line configuration; Multilanguage support; Completely customisable
look through
CSS etc. Code: ASP 2.0 & VBScript
The applications UBlog is vulnerable to an XSS (Cross-Site Scripting) Attack.
If the poster post in the field *text: the follow script
<script>alert("You are vulnerabile to XSS")</script>
When a user go to see the blog he receive the message "You are vulnerabile to XSS".
This is very boring.
Google dorks: "Powered by UBlog"
The vendor is informed!
Credits:
Cyber-Security.ORG | Turkish Hacking & Security
Security advisory by SnoB