[41057] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Zoomblog HTML Injection Vulnerability

daemon@ATHENA.MIT.EDU (sikikmail@gmail.com)
Sat Nov 5 18:03:19 2005

Date: 4 Nov 2005 18:05:33 -0000
Message-ID: <20051104180533.26771.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: sikikmail@gmail.com
To: bugtraq@securityfocus.com

DESCRIPTION
Zoomblog is prone to HTML injection attacks. It is possible for a malicious Zoomblog user to inject hostile HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zoomblog.
Zoomblog does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the Zoomblog.
All versions are vulnerable.

EXPLOIT
There is no exploit required.

EXAMPLE
Write <script>alert('test')</script> in http://yourblog.zoomblog/comments/

HOMEPAGE
http:/zoomblog.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[41057] in bugtraq

Zoomblog HTML Injection Vulnerability

daemon@ATHENA.MIT.EDU (sikikmail@gmail.com)Sat Nov 5 18:03:19 2005

daemon@ATHENA.MIT.EDU (sikikmail@gmail.com)
Sat Nov 5 18:03:19 2005