List: bugtraq
Subject: Zomplog Script Injection Vulnerability =>3.4 (all versions
From: sikikmail () gmail ! com
Date: 2005-10-22 13:25:23
Message-ID: 20051022132523.11408.qmail () securityfocus ! com
Zomplog is prone to XSS injection attacks. It is possible for a malicious Zomplog user to inject hostile XSS and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zomplog. Zomplog does not adequately filter XSS tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the blog.

Example:
put <script>alert('test')</script> in http://localhost/zomplog/detail.php?id=1#comments

Zomplog home page: http://zomplog.zomp.nl/
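
The usual remedy for this class of bug is to encode every comment field at the point where it is written into the page. The following is an added example, not part of the original post and not Zomplog's own code; the field names name, url and body and the helper names are hypothetical.

```php
<?php
// Added example: hypothetical comment renderer, not Zomplog's code.
// Field names (name, url, body) are assumptions.

/** Encode untrusted text for HTML element or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the URL only if it is an absolute http(s) link, else null. */
function safe_url(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null; // rejects script/data schemes, relative and malformed URLs
    }
    return $url;
}

/** Render one stored comment; every field is encoded at output time. */
function render_comment(array $c): string
{
    $name = h($c['name'] ?? 'anonymous');
    $url  = safe_url($c['url'] ?? '');
    if ($url !== null) {
        $name = '<a rel="nofollow ugc" href="' . h($url) . '">' . $name . '</a>';
    }
    $body = nl2br(h($c['body'] ?? '')); // encode first, then add <br> tags
    return "<div class=\"comment\"><p class=\"author\">$name</p><p>$body</p></div>\n";
}

// Constructed sample rows, including the test string from the advisory.
$comments = [
    ['name' => 'alice', 'url' => 'http://example.org/', 'body' => "first line\nsecond line"],
    ['name' => '<b>bob</b>', 'url' => 'javascript:void(0)', 'body' => "<script>alert('test')</script>"],
];

header('Content-Type: text/html; charset=UTF-8');
foreach ($comments as $c) {
    echo render_comment($c);
}
```

With this renderer the advisory's test string is emitted as inert text (&lt;script&gt;...) and the non-http link is dropped, so the stored markup is displayed rather than executed.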