Bugtraq mailing list archives

simplog 0.9.3 and prior XSS

From: "piiiiiii pppiiiiiiii" <heliosz_time () hotmail com>
Date: Sun, 06 Aug 2006 21:01:00 +0000

## HeLiOsZ - Dark End Team - Internet Security Team
## simplog 0.9.3 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net &http://www.darkend.org

## Rish : Medium
## Type : web applet

## Creator: http://www.simplog.org/

## Exploit:
- The vuln is in the search section,it don't validate the imput.

To exploit this vuln you simply need an Internet Browser,you must only usea cookie

 logger to get the Blog cookies.

To know if it is vulnerable: <script>alert('This is an XSSVulnerability')</script>


## Dork: allinurl:simplog/archive.php

_________________________________________________________________

Don't just search. Find. Check out the new MSN Search!http://search.msn.com/

Current thread:

simplog 0.9.3 and prior XSS piiiiiii pppiiiiiiii (Aug 07)