|
Vunerability(s):=0D
----------------=0D
XSS Exploit=0D
=0D
=0D
Product:=0D
--------=0D
UBlog 1.6 Access Edition=0D
=0D
Vendor:=0D
--------=0D
http://www.uapplication.com/ublog/index.asp=0D
=0D
=0D
Description of product:=0D
-----------------------=0D
=0D
Blog archive by date; Possibility to comment a blog; Notify via email; Password protected; =0D
Amend or remove blogs or comments; On-line configuration; Multilanguage support; Completely customisable look through =0D
CSS etc. Code: ASP 2.0 & VBScript=0D
=0D
=0D
Vulnerability / Exploit:=0D
------------------------=0D
=0D
The applications UBlog is vulnerable to an XSS (Cross-Site Scripting) Attack.=0D
=0D
=0D
PoC / Proof of Concept:=0D
-----------------------=0D
=0D
If the poster post in the field *text: the follow script=0D
=0D
=0D
=0D
When a user go to see the blog he receive the message "You are vulnerabile to XSS". =0D
This is very boring.=0D
=0D
Additional Information:=0D
-----------------------=0D
=0D
Google dorks: "Powered by UBlog"=0D
=0D
=0D
Vendor Status=0D
-------------=0D
=0D
The vendor is informed!=0D
=0D
Credits:=0D
=0D
Cyber-Security.ORG | Turkish Hacking & Security=0D
Security advisory by SnoB