UBlog Remote XSS Exploit
SnoBMSN
Hotmail.De
Date: Sun May 07 2006 - 01:50:23 CDT
Vulnerability(s):
----------------
XSS Exploit
Product:
--------
UBlog 1.6 Access Edition
Vendor:
--------
http://www.uapplication.com/ublog/index.asp
Description of product:
-----------------------
Blog archive by date; Possibility to comment on a blog; Notify via email; Password protected;
Amend or remove blogs or comments; On-line configuration; Multilanguage support; Completely customisable look through CSS etc.
Code: ASP 2.0 & VBScript
Vulnerability / Exploit:
------------------------
The UBlog application is vulnerable to an XSS (Cross-Site Scripting) attack.
PoC / Proof of Concept:
-----------------------
If the poster submits the following script in the *text field:
<script>alert("You are vulnerabile to XSS")</script>
When a user views the blog, they receive the message "You are vulnerabile to XSS".
This is very boring.
Additional Information:
-----------------------
Google dorks: "Powered by UBlog"
Vendor Status
-------------
The vendor is informed!
Credits:
Cyber-Security.ORG | Turkish Hacking & Security
Security advisory by SnoB
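
The following is an added example, not part of the original advisory and not UBlog's code: it shows why the stored text field above executes as script and how encoding on output neutralises it. All function and field names are hypothetical, and the sample post is constructed from the PoC string in the advisory.

```javascript
// Added example; names are hypothetical and this is not UBlog's code.

// Characters that must be encoded before untrusted text is written into
// HTML element content or a quoted attribute value.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: stored text is concatenated into the page unchanged,
// so markup submitted by a poster becomes markup in every reader's browser.
function renderPostUnsafe(post) {
  return `<div class="post"><h2>${post.title}</h2><p>${post.text}</p></div>`;
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderPostSafe(post) {
  return `<div class="post"><h2>${encodeHtml(post.title)}</h2>` +
         `<p>${encodeHtml(post.text)}</p></div>`;
}

// Simple regression check: does the rendered page contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample record holding the PoC string from the advisory.
const storedPost = {
  title: "Hello",
  text: '<script>alert("You are vulnerabile to XSS")</script>',
};

console.log("unsafe output has script tag:", containsScriptTag(renderPostUnsafe(storedPost)));
console.log("safe output has script tag:  ", containsScriptTag(renderPostSafe(storedPost)));
console.log(renderPostSafe(storedPost));
```

In classic ASP, the built-in equivalent for element content is `Server.HTMLEncode`, applied where the stored text is written to the response.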