lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20051104181136.27737.qmail@securityfocus.com> Date: 4 Nov 2005 18:11:36 -0000 From: sikikmail@...il.com To: bugtraq@...urityfocus.com Subject: Zoomblog HTML Injection Vulnerability DESCRIPTION Zoomblog is prone to HTML injection attacks. It is possible for a malicious Zoomblog user to inject hostile HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zoomblog. Zoomblog does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the Zoomblog. All versions are vulnerable. EXPLOIT There is no exploit required. EXAMPLE Write a malicious HTML code in the tag "NAME" ZOOMPLOG HOMEPAGE http://zoomblog.com