simplog 0.9.3 and prior XSS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

## HeLiOsZ - Dark End Team - Internet Security Team
## simplog 0.9.3 and prior XSS
## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net & http://www.darkend.org 
## Rish : Medium
## Type : web applet

## Creator: http://www.simplog.org/

## Exploit:
- The vuln is in the search section,it don't validate the imput.
To exploit this vuln you simply need an Internet Browser,you must only use a cookie 
 logger to get the Blog cookies.
To know if it is vulnerable: <script>alert('This is an XSS Vulnerability')</script> 

## Dork: allinurl:simplog/archive.php

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! http://search.msn.com/
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux