
List:       bugtraq
Subject:    Zomplog Script Injection Vulnerability =>3.4 (all versions
From:       sikikmail () gmail ! com
Date:       2005-10-22 13:25:23
Message-ID: 20051022132523.11408.qmail () securityfocus ! com

Zomplog is prone to XSS injection attacks. It is possible for a malicious Zomplog user to inject hostile XSS and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zomplog. Zomplog does not adequately filter XSS tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the blog.

Example: put <script>alert('test')</script> in http://localhost/zomplog/detail.php?id=1#comments

Zomplog home page: http://zomplog.zomp.nl/
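
The mitigation for the class of bug reported above, as an added example that is not part of the original post and is not Zomplog's code: stored comment fields are HTML-encoded when the page is generated, and a link field is restricted to http(s). The field names (`author`, `url`, `body`) and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Zomplog source. Field names (author, url, body)
// and function names are hypothetical.

/** Encode untrusted text for an HTML text node or a quoted attribute value. */
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only absolute http(s) URLs; anything else is dropped. */
function safe_url(string $url): ?string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/** Unsafe pattern the advisory describes: stored fields echoed back verbatim. */
function render_comment_unsafe(array $c): string
{
    return "<div class=\"comment\"><b>{$c['author']}</b><p>{$c['body']}</p></div>";
}

/** Hardened rendering: every stored field is encoded at output time. */
function render_comment(array $c): string
{
    $author = esc($c['author']);
    $url = safe_url($c['url'] ?? '');
    if ($url !== null) {
        $author = '<a rel="nofollow" href="' . esc($url) . '">' . $author . '</a>';
    }
    return '<div class="comment"><b>' . $author . '</b><p>' . nl2br(esc($c['body'])) . '</p></div>';
}

// Constructed sample comment carrying the advisory's test string in each field.
$comment = [
    'author' => "<script>alert('test')</script>",
    'url'    => "<script>alert('test')</script>",
    'body'   => "nice post\n<script>alert('test')</script>",
];

echo render_comment_unsafe($comment), "\n"; // markup reaches the browser as-is
echo render_comment($comment), "\n";        // markup arrives as inert &lt;script&gt; text
```

Encoding at output time also neutralizes comments that were stored before the fix, which input-side filtering alone does not.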

