UBlog 1.6 Access Edition
Blog archive by date; Possibility to comment on a blog; Notify via email; Password protected; Amend or remove blogs or comments; On-line configuration; Multilanguage support; Completely customisable look through CSS etc. Code: ASP 2.0 & VBScript
The UBlog application is vulnerable to an XSS (Cross-Site Scripting) attack.
If the poster enters the following script in the *text: field:
<script>alert("You are vulnerabile to XSS")</script>
When a user views the blog, the script runs in their browser and they receive the message "You are vulnerabile to XSS". This is very boring.
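The usual fix for this kind of stored XSS in classic ASP is to HTML-encode blog and comment text at the point where it is written to the page. The block below is an added example, not UBlog's code and not part of the original advisory; `SafeText` and `stored` are hypothetical names, and the sample string is constructed from the test script above.

```asp
<%
' Added example: hypothetical helper, not taken from UBlog.
' Encodes stored text at output time so markup is displayed, not executed.
Function SafeText(ByVal raw)
    Dim s
    If IsNull(raw) Then
        SafeText = ""
        Exit Function
    End If
    s = Server.HTMLEncode(CStr(raw))   ' < > & " are turned into HTML entities
    s = Replace(s, vbCrLf, "<br>")     ' keep the poster's line breaks
    s = Replace(s, vbLf, "<br>")
    SafeText = s
End Function

' Constructed sample: the advisory's test script as it would sit in the database.
Dim stored
stored = "<script>alert(""You are vulnerabile to XSS"")</script>"

' Vulnerable pattern: the stored value is written as-is, so the browser runs it.
' Response.Write stored

' Hardened pattern: the visitor sees the text of the script instead.
Response.Write "<div class=""entry"">" & SafeText(stored) & "</div>"
%>
```

The same encoding has to be applied to every field that echoes user input, such as comment bodies and author names, not only the blog text.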
Google dorks: "Powered by UBlog"
The vendor has been informed!
Cyber-Security.ORG | Turkish Hacking & Security
Security advisory by SnoB