BlogPHP version 2 suffers from a cross site scripting vulnerability.
2159947fb926b1c0f0f8b912806372ce42f811e3dae117f972835a1c0be8b6d6######################################################################################
[+] Title : BlogPHP v2 (search) Xss Vulnerbility
[+] Name : BlogPHP
[+] Affected Version : v2
[+] Software Link : http://sourceforge.net/projects/blogphpscript/files/blogphpscript/2.0/BlogPHPv2.zip/download
[+] Software : http://amhserver.com/37/ & http://www.metjar.com/
[+] Tested on : (L):Vista & Windows Xp and Windows 7
[+] Dork : Google Dork: "Copyright ©2006 Powered by www.blogphp.net"
[+] Date : 09/08/2011
#######################################################################################
[+] Author : Yassin Aboukir
[+] Contact : 01Xp01@Gmail.com
[+] Site : http://www.yaboukir.com
#######################################################################################
# Special thanks to Paul Maaouchy for his First found in Members.html.
-- See More : http://www.exploit-db.com/exploits/17640/
#######################################################################################
[+] Details : Cross-site scripting holes are web-application vulnerabilities which allow attackers to bypass client-side security mechanisms normally imposed on web content by modern browsers. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access privileges to sensitive page-content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Cross-site scripting attacks are therefore a special case of code injection.
[+] How to exploit :
http://localhost/Path/index.php?search=<script>alert('Xssed by The W0rm')</script>
[+] Fix : upgrade to last release (v3)
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed