|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
XSS in ACS blog
From: farhad koosha (farhadkey
yahoo.com)
Date: Thu Mar 17 2005 - 02:24:01 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
XSS vulnerability exist in the ACS blog ( ASP WEBLOG SYSTEM ).
Vulnerable :
ACS Blog v 0.8
ACS Blog v 0.9
ACS Blog v 1.0
ACS Blog v 1.1b
Code :
/search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E
or goto /search.asp and copy this code :
"<br><iframe src="http://google.com"></iframe>
Vendor URL : http://www.asppress.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]