simplog 0.9.3 and prior XSS

2006-08-08T00:00:00
ID SECURITYVULNS:DOC:13785
Type securityvulns
Reporter Securityvulns
Modified 2006-08-08T00:00:00

Description

HeLiOsZ - Dark End Team - Internet Security Team

simplog 0.9.3 and prior XSS

IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &

http://www.darkend.org

Rish : Medium

Type : web applet

Creator: http://www.simplog.org/

Exploit:

  • The vuln is in the search section,it don't validate the imput. To exploit this vuln you simply need an Internet Browser,you must only use a cookie logger to get the Blog cookies. To know if it is vulnerable: <script>alert('This is an XSS Vulnerability')</script>

Dork: allinurl:simplog/archive.php


Don't just search. Find. Check out the new MSN Search! http://search.msn.com/