Vulnerability(s):
----------------
XSS Exploit

Product:
--------
UBlog 1.6 Access Edition

Vendor:
--------
http://www.uapplication.com/ublog/index.asp

Description of product:
-----------------------
Blog archive by date; Possibility to comment a blog; Notify via email; Password protected; Amend or remove blogs or comments; On-line configuration; Multilanguage support; Completely customisable look through CSS etc.
Code: ASP 2.0 & VBScript

Vulnerability / Exploit:
------------------------
The UBlog application is vulnerable to an XSS (Cross-Site Scripting) attack.

PoC / Proof of Concept:
-----------------------
If the poster enters the following script in the field *text:

<script>alert("You are vulnerabile to XSS")</script>

then a user who goes to view the blog receives the message "You are vulnerabile to XSS". This is very boring.

Additional Information:
-----------------------
Google dorks: "Powered by UBlog"

Vendor Status
-------------
The vendor is informed!

Credits:
Cyber-Security.ORG | Turkish Hacking & Security
Security advisory by SnoB
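
Added example (Python, not UBlog's own ASP code and not part of the advisory): a model of the flaw shown in the PoC above, where posted text is written into the page unencoded, next to a renderer that HTML-encodes it on output, plus a parser-based check that a rendered page carries no active content from the post. The page template, function names and sample storage are assumptions; in Classic ASP the equivalent output encoding is `Server.HTMLEncode`.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the advisory's PoC text as it would sit in the blog's storage.
STORED_TEXT = '<script>alert("You are vulnerabile to XSS")</script>'

# Hypothetical page template; UBlog's real markup is not shown in the advisory.
PAGE = '<html><body><div class="post">{body}</div></body></html>'


def render_vulnerable(text):
    """Writes the stored field into the page unchanged (the flaw described above)."""
    return PAGE.format(body=text)


def render_hardened(text):
    """HTML-encodes the stored field at output time; None is treated as empty."""
    return PAGE.format(body=html.escape(text or "", quote=True))


class ActiveContentFinder(HTMLParser):
    """Collects elements and attributes that a browser would execute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(tag)
        for name, _value in attrs:
            if name.startswith("on"):  # inline event handlers such as onclick
                self.findings.append(f"{tag}[{name}]")


def active_content(page):
    """Returns the active elements/attributes found in a rendered page."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for render in (render_vulnerable, render_hardened):
        print(render.__name__, active_content(render(STORED_TEXT)))
```

Run as a regression check, `active_content` should return an empty list for every page rendered from user-supplied text; the template here has no scripts of its own, so any finding comes from the post.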