Bugtraq mailing list archives
simplog 0.9.3 and prior XSS
From: "piiiiiii pppiiiiiiii" <heliosz_time () hotmail com>
Date: Sun, 06 Aug 2006 21:01:00 +0000
## HeLiOsZ - Dark End Team - Internet Security Team ## simplog 0.9.3 and prior XSS## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net & http://www.darkend.org
## Rish : Medium ## Type : web applet ## Creator: http://www.simplog.org/ ## Exploit: - The vuln is in the search section,it don't validate the imput.To exploit this vuln you simply need an Internet Browser,you must only use a cookie
logger to get the Blog cookies.To know if it is vulnerable: <script>alert('This is an XSS Vulnerability')</script>
## Dork: allinurl:simplog/archive.php _________________________________________________________________Don't just search. Find. Check out the new MSN Search! http://search.msn.com/
Current thread:
- simplog 0.9.3 and prior XSS piiiiiii pppiiiiiiii (Aug 07)