BugTraq
UBlog Remote XSS Exploit May 07 2006 06:50AM
SnoBMSN Hotmail De
Vulnerability(s):

----------------

XSS Exploit

Product:

--------

UBlog 1.6 Access Edition

Vendor:

--------

http://www.uapplication.com/ublog/index.asp

Description of product:

-----------------------

Blog archive by date; Possibility to comment a blog; Notify via email; Password protected; Amend or remove blogs or comments; On-line configuration; Multilanguage support; Completely customisable look through CSS etc.

Code: ASP 2.0 & VBScript

Vulnerability / Exploit:

------------------------

The UBlog application is vulnerable to an XSS (Cross-Site Scripting) attack.

PoC / Proof of Concept:

-----------------------

If a poster submits the following script in the *text: field:

<script>alert("You are vulnerabile to XSS")</script>

When a user views the blog, they receive the message "You are vulnerabile to XSS".

This is very boring.
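
Mitigation sketch, added here as an example and not taken from UBlog's source or from the advisory author: a classic ASP page that writes the stored text verbatim (the behaviour the PoC relies on) beside the same text HTML-encoded on output. The names storedText, EncodeForHtml and RenderComment are hypothetical, and the sample text is constructed from the PoC above; how UBlog actually reads and prints the field is not shown in the advisory.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Constructed sample input: the advisory's PoC as it would come back from
' the comment store. In a real page this would be a recordset field.
Dim storedText
storedText = "Nice post!" & vbCrLf & _
    "<script>alert(""You are vulnerabile to XSS"")</script>"

' Encode for an HTML body context. Null database fields are handled first,
' since Server.HTMLEncode expects a string argument.
Function EncodeForHtml(value)
    If IsNull(value) Then
        EncodeForHtml = ""
    Else
        EncodeForHtml = Server.HTMLEncode(CStr(value))
    End If
End Function

' Encode first, then add the only markup the page itself wants (line breaks).
' Doing it in the other order would encode the <br> tags as well.
Function RenderComment(value)
    RenderComment = Replace(EncodeForHtml(value), vbCrLf, "<br>" & vbCrLf)
End Function
%>
<html>
<body>
<h3>Before (vulnerable): stored text written verbatim</h3>
<!-- The browser parses the stored <script> element and runs it. -->
<div><%= storedText %></div>

<h3>After: stored text HTML-encoded on output</h3>
<!-- The angle brackets arrive as &lt; and &gt;, so the text is displayed, not executed. -->
<div><%= RenderComment(storedText) %></div>
</body>
</html>
```

Encoding has to be applied at every place the stored text is printed (blog view, archive, admin screens, notification mail templates), not only on the comment form.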

Additional Information:

-----------------------

Google dorks: "Powered by UBlog"

Vendor Status

-------------

The vendor has been informed!

Credits:

Cyber-Security.ORG | Turkish Hacking & Security

Security advisory by SnoB
