[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAY20-F4BA14D02A371C0904CA69EB560@phx.gbl>
Date: Sun, 06 Aug 2006 21:01:00 +0000
From: "piiiiiii pppiiiiiiii" <heliosz_time@...mail.com>
To: bugtraq@...urityfocus.com
Subject: simplog 0.9.3 and prior XSS
## HeLiOsZ - Dark End Team - Internet Security Team
## simplog 0.9.3 and prior XSS
## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &
http://www.darkend.org
## Rish : Medium
## Type : web applet
## Creator: http://www.simplog.org/
## Exploit:
- The vuln is in the search section,it don't validate the imput.
To exploit this vuln you simply need an Internet Browser,you must only use
a cookie
logger to get the Blog cookies.
To know if it is vulnerable: <script>alert('This is an XSS
Vulnerability')</script>
## Dork: allinurl:simplog/archive.php
_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.com/
Powered by blists - more mailing lists