Bugtraq mailing list archives
Zoomblog HTML Injection Vulnerability
From: sikikmail () gmail com
Date: 4 Nov 2005 18:05:33 -0000
DESCRIPTION Zoomblog is prone to HTML injection attacks. It is possible for a malicious Zoomblog user to inject hostile HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zoomblog. Zoomblog does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the Zoomblog. All versions are vulnerable. EXPLOIT There is no exploit required. EXAMPLE Write <script>alert('test')</script> in http://yourblog.zoomblog/comments/ HOMEPAGE http:/zoomblog.com
Current thread:
- Zoomblog HTML Injection Vulnerability sikikmail (Nov 05)
- <Possible follow-ups>
- Zoomblog HTML Injection Vulnerability sikikmail (Nov 05)
- Re: Zoomblog HTML Injection Vulnerability RBA (Nov 07)