TUCoPS :: Web :: Blogs :: b06-3472.htm

PHP-Blogger Multiple Cross Site Scripting Vulnerabilities




Multiple Cross Site Scripting Vulnerabilities exist in PHP-Blogger, a
free photoblog script designed for posting news & slideshows.
http://www.phpblogger.com 

Attached is the advisory which details the vulnerability.

Thanks,
OS2A

[Attachment os2a_1006.txt, decoded from the base64 MIME part]

PHP-Blogger Multiple Cross Site Scripting Vulnerabilities

OS2A ID: OS2A_1006

Status:
    14/06/2006    Issue discovered
    23/06/2006    Reported to the vendor (no response on repeated notification)
    07/07/2006    Advisory released

Class: Cross Site Scripting        Severity: Medium

Overview:
---------
PHP-Blogger is a free PHP script for creating a personal weblog (blog) or photoblog.
http://www.phpblogger.com

Description:
------------
Multiple cross-site scripting vulnerabilities exist due to input validation
errors in parameters such as name, title, news, description and sitename handled
by admin/actions.php. The values are stored (the snippet below writes them onto
the post object) and later rendered into the blog's pages without HTML encoding,
so an injected script runs in the browser of anyone who views the affected page.

Successful exploitation requires authentication: the affected fields are reached
through the administrative interface, so the attacker needs a valid login to
plant the payload.

Impact:
-------
A remote attacker could inject malicious script code that executes in the
victim's browser within the security context of the hosting site, and could
steal the victim's cookie-based authentication credentials.

Affected Software(s):
---------------------
PHP-Blogger 2.2.5 (prior versions may also be vulnerable)

Proof of Concept:
-----------------
Sample exploits

http://www.yoursite.com/directory_where_you_installed_phpblogger/admin.php?action=new_news
Vulnerable fields: Title, News

http://www.yoursite.com/directory_where_you_installed_phpblogger/admin.php?action=new_slideshow
Vulnerable fields: Description

http://www.yoursite.com/directory_where_you_installed_phpblogger/admin.php?action=preferences
http://www.yoursite.com/directory_where_you_installed_phpblogger/admin.php?action=install
Vulnerable fields: Site name

Insert "<script>alert('XSS Vulnerable');</script>" in the above fields to try
the exploit. Because the values are stored, the alert fires when the saved post
or site name is next rendered, not necessarily in the response to the form
submission itself.

Analysis:
---------
Vulnerable code in admin/actions.php (example snippet)

  // Request parameters are read verbatim and stored on the post object;
  // nothing validates or HTML-encodes them before they reach a page.
  $id = getValue("id");
  $title = getValue("title");
  $description = getValue("description");
  $Post = $Blogger->getPost($id);
  $folder = $Post->getDir();
  $Post->setTitle($title);
  $Post->setDescription($description);
  $file = getPostFiles("pic0");

Input passed to many of the parameters in this script is not properly
sanitized before being used.

CVSS Score Report:
------------------
    ACCESS_VECTOR          = REMOTE
    ACCESS_COMPLEXITY      = LOW
    AUTHENTICATION         = REQUIRED
    CONFIDENTIALITY_IMPACT = PARTIAL
    INTEGRITY_IMPACT       = PARTIAL
    AVAILABILITY_IMPACT    = NONE
    IMPACT_BIAS            = CONFIDENTIALITY
    EXPLOITABILITY         = POC
    REMEDIATION_LEVEL      = UNAVAILABLE
    REPORT_CONFIDENCE      = CONFIRMED
    CVSS Base Score        = 3.1 (AV:R/AC:L/Au:R/C:P/I:P/A:N/B:C)
    CVSS Temporal Score    = 2.8
    Risk factor            = Medium

Solution:
---------
No vendor fix was available at the time of release. Edit the source code so
that every user-supplied value is HTML-encoded at the point where it is written
into a page (in PHP, htmlspecialchars() with ENT_QUOTES), and validate or reject
input that does not match the format the field expects.

Credits:
--------
Pavithra Hanchagaiah of OS2A has been credited with the discovery of this
vulnerability.
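The following is an added example, not code from PHP-Blogger or from the OS2A advisory. It puts the storage pattern from the Analysis snippet beside the output encoding the Solution section calls for. getValue(), the Post class and the request array are stand-ins modelled on the snippet (the real helpers' implementations are not on the page and are assumed); the request values are constructed for the demonstration and reuse the advisory's probe payload.

```php
<?php
// Added example (not PHP-Blogger's code). getValue() and Post are stand-ins for
// the helpers named in the advisory's snippet; their real bodies are assumed.
declare(strict_types=1);

// Stand-in for the advisory's getValue(): returns the request parameter verbatim.
function getValue(string $name, array $request): string
{
    return isset($request[$name]) ? (string) $request[$name] : '';
}

// Minimal stand-in for the post object the snippet stores values on.
final class Post
{
    private string $title = '';
    private string $description = '';

    public function setTitle(string $t): void { $this->title = $t; }
    public function setDescription(string $d): void { $this->description = $d; }
    public function getTitle(): string { return $this->title; }
    public function getDescription(): string { return $this->description; }
}

// HTML output encoding for text and quoted-attribute contexts. ENT_QUOTES also
// encodes single quotes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string, which would otherwise silently blank the field.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: the stored values are echoed into HTML unchanged, so a
// title of "<script>...</script>" becomes live markup in the visitor's browser.
function renderUnsafe(Post $p): string
{
    return "<h2>{$p->getTitle()}</h2>\n<p>{$p->getDescription()}</p>\n";
}

// Hardened pattern: encode at the point where the value meets HTML. The raw
// value stays in storage; only the rendering changes.
function renderSafe(Post $p): string
{
    return "<h2>" . h($p->getTitle()) . "</h2>\n"
         . "<p>" . h($p->getDescription()) . "</p>\n";
}

// Constructed request: the advisory's probe payload in the title, plus an
// attribute-breaking variant in the description to show why ENT_QUOTES matters.
$request = [
    'id'          => '1',
    'title'       => "<script>alert('XSS Vulnerable');</script>",
    'description' => 'Holiday pics" onmouseover="alert(1)',
];

// Same flow as the snippet: read, then store on the post object.
$Post = new Post();
$Post->setTitle(getValue('title', $request));
$Post->setDescription(getValue('description', $request));

echo "--- unsafe render ---\n", renderUnsafe($Post);
echo "--- safe render ---\n", renderSafe($Post);
```

Run it with `php example.php`: the unsafe render emits the payload verbatim, which a browser executes, while the safe render emits `<`, `>`, `"` and `'` as entities so the payload is displayed as text. Encoding at output time rather than stripping tags at input time keeps the stored value intact for non-HTML uses and makes the rendering code self-evidently safe. htmlspecialchars() is only correct for HTML text and quoted-attribute contexts; a value placed inside a JavaScript block, a URL or a CSS property needs the encoder for that context instead.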
