Simple PHP Blog version 0.4.0 suffers from a cross site scripting vulnerability.
7a1ae84baee4ee6749d39f834be9e1f4da95a10952d8041cf099d050921a795a
[+] Credits: Boumediene KADDOUR AKA sh311c0d3r
[+] Website: http://www.pentestingskills.com
Vendor:
======================
http://www.simpleblogphp.com
Product:
===============================
Simple PHP Blog 0.4.0
Vulnerability Type:
=============================
Cross Site Scripting (XSS)
CVE Reference:
==============
N/A
Vulnerability Details:
=====================
The search bar on the search.php script doesn't properly sanitize user
supplied data, which
causes the script to be prone to a cross site scripting that in turns
allows an attacker to execute
JS instructions on the client side.
Exploit code(s):
================
http://192.168.43.167/internal/blog/search.php?q=%3Cscript%3Ealert%28%22SickApp%22%29%3C%2Fscript%3E
Disclosure:
=============================================
November 07/11/2016 : Public Disclosure
sh311c0d3r