Bugtraq mailing list archives

Zoomblog HTML Injection Vulnerability

From: sikikmail () gmail com
Date: 4 Nov 2005 18:05:33 -0000



DESCRIPTION
Zoomblog is prone to HTML injection attacks. It is possible for a malicious Zoomblog user to inject hostile HTML and 
script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the 
commentary of Zoomblog.
Zoomblog does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary 
script code into pages that are generated by the Zoomblog.
All versions are vulnerable.


EXPLOIT
There is no exploit required.

EXAMPLE
Write <script>alert('test')</script> in http://yourblog.zoomblog/comments/

HOMEPAGE
http:/zoomblog.com

Current thread:

Zoomblog HTML Injection Vulnerability sikikmail (Nov 05)
- <Possible follow-ups>
- Zoomblog HTML Injection Vulnerability sikikmail (Nov 05)
- Re: Zoomblog HTML Injection Vulnerability RBA (Nov 07)