[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

myBloggie 2.1.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: myBloggie 2.1.1
From: Francisco Alisson <dominusvis@xxxxxxxxxxxxxx>
Date: 15 Apr 2005 14:11:30 -0000


############################################
#
# myBloggie 2.1.1
# Vendor: http://www.mywebland.com/
#
############################################

 When the comments are posted there's no check for "&lt;script&gt;" tags 
allowing a script injection attack.
 Proof of Concept
 &lt;script&gt;alert("Hi world!");&lt;/script&gt;


 ..-= Dominus_Vis =-..
  [Infektion Group]
       Brazil

Prev by Date: Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability
Next by Date: Arbitrary file overwrite possible by Musicmatch ActiveX control
Previous by thread: Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability
Next by thread: Arbitrary file overwrite possible by Musicmatch ActiveX control
Index(es):
- Date
- Thread