[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

simplog 0.9.3 and prior XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: simplog 0.9.3 and prior XSS
From: "piiiiiii pppiiiiiiii" <heliosz_time@xxxxxxxxxxx>
Date: Sun, 06 Aug 2006 21:01:00 +0000

## HeLiOsZ - Dark End Team - Internet Security Team
## simplog 0.9.3 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &http://www.darkend.org

## Rish : Medium
## Type : web applet

## Creator: http://www.simplog.org/

## Exploit:
- The vuln is in the search section,it don't validate the imput.

To exploit this vuln you simply need an Internet Browser,you must only usea cookie

 logger to get the Blog cookies.

To know if it is vulnerable: <script>alert('This is an XSSVulnerability')</script>


## Dork: allinurl:simplog/archive.php

_________________________________________________________________

Don't just search. Find. Check out the new MSN Search!http://search.msn.com/

Prev by Date: RE: linksys WRT54g authentication bypass
Next by Date: Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability
Previous by thread: DeluxeBB Multiple Vulnerabilities
Next by thread: Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability
Index(es):
- Date
- Thread