- EXPL-A-2005-011 exploitlabs.com Advisory 040 -
- QuickBlogger -
QuickBlogger 1.4 (and earlier) http://www.jlwebworks.net/
QuickBlogger is a freeware flatfile php blog script written to simplify updating your blog/website.
The QuickBlogger comments section does not properly filter malicious script content. XSS may be inserted in the author and comment body fields. Because comments are written to the flat file and shown to every later visitor, this is a stored (persistent) XSS: the injected script is rendered when the page is visited and executed in the context of the user's browser.
Proof of concept: insert script into the "your name" and/or the "comment" field of the comment form, submit it, and load the page.
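The pattern behind this class of bug, as an added illustration (this is not QuickBlogger's own code, which the advisory does not reproduce): a minimal flat-file comment store whose renderer echoes the stored author and comment fields verbatim, beside a hardened renderer that HTML-encodes them at output time. The file path, field names and payloads are assumptions for the demo.

```php
<?php
// Added illustration, not QuickBlogger's own code. The path, field
// names and payloads below are assumptions chosen for the demo.
declare(strict_types=1);

const COMMENT_FILE = '/tmp/qb_comments_demo.txt';  // assumed demo path

// Store one comment per line, fields separated by a tab. Newlines and
// tabs in the fields are collapsed so a record cannot span lines or
// smuggle an extra field; this protects the file format, not the HTML.
function store_comment(string $file, string $author, string $body): void
{
    $author = str_replace(["\r", "\n", "\t"], ' ', $author);
    $body   = str_replace(["\r", "\n", "\t"], ' ', $body);
    file_put_contents($file, $author . "\t" . $body . "\n", FILE_APPEND | LOCK_EX);
}

function load_comments(string $file): array
{
    if (!is_file($file)) {
        return [];
    }
    $out = [];
    foreach (file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        [$author, $body] = array_pad(explode("\t", $line, 2), 2, '');
        $out[] = ['author' => $author, 'body' => $body];
    }
    return $out;
}

// The vulnerable pattern the advisory describes: stored input is placed
// into the page unencoded, so a <script> tag in "your name" or "comment"
// runs in the browser of every visitor who views the comments.
function render_unsafe(array $comments): string
{
    $html = '';
    foreach ($comments as $c) {
        $html .= '<div class="comment"><b>' . $c['author'] . '</b>: '
               . $c['body'] . "</div>\n";
    }
    return $html;
}

// Hardened renderer: encode for an HTML text context at output time.
// ENT_QUOTES also neutralises quotes so the same helper is safe inside
// attribute values; the charset is given explicitly so the encoder never
// falls back to a default that differs from the page's encoding.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $comments): string
{
    $html = '';
    foreach ($comments as $c) {
        $html .= '<div class="comment"><b>' . esc($c['author']) . '</b>: '
               . esc($c['body']) . "</div>\n";
    }
    return $html;
}

// Demo with constructed payloads in each of the two fields.
@unlink(COMMENT_FILE);
store_comment(COMMENT_FILE, '<script>alert(document.cookie)</script>', 'first');
store_comment(COMMENT_FILE, 'alice', '"><img src=x onerror="alert(1)">');

$comments = load_comments(COMMENT_FILE);
echo "--- unsafe (script tags survive intact) ---\n", render_unsafe($comments);
echo "--- safe (tags become &lt;script&gt; etc.) ---\n", render_safe($comments);
```

Run it with `php demo.php` and compare the two sections: in the unsafe output the `<script>` and `<img onerror>` markup is intact and would execute in a browser, in the safe output every `<`, `>`, `"` and `'` has become an entity and the payload is displayed as text. The same check applies when testing a live install: submit the payload in the name field, then view the page source and confirm the field comes back as `&lt;script&gt;` rather than as a tag.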
vendor contact: firstname.lastname@example.org June 11, 2005
email@example.com June 21, 2005
no response received
This vulnerability was discovered and researched by Donnie Werner of exploitlabs
mail: wood at exploitlabs.com
mail: morning_wood at zone-h.org
web: http://exploitlabs.com
web: http://zone-h.org
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/