[38394] in bugtraq
myBloggie 2.1.1
daemon@ATHENA.MIT.EDU (Francisco Alisson)
Fri Apr 15 14:25:20 2005
Date: 15 Apr 2005 14:11:30 -0000
Message-ID: <20050415141130.31847.qmail@www.securityfocus.com>
From: Francisco Alisson <dominusvis@click21.com.br>
To: bugtraq@securityfocus.com
############################################
#
# myBloggie 2.1.1
# Vendor: http://www.mywebland.com/
#
############################################
When comments are posted, there is no check for "<script>" tags, allowing a script injection attack.
Proof of Concept
<script>alert("Hi world!");</script>
..-= Dominus_Vis =-..
[Infektion Group]
Brazil
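
The following is an added example, not part of the original post and not myBloggie source code. It shows the unencoded comment output the advisory describes next to a version that HTML-encodes the comment at render time, using the advisory's own proof-of-concept string as input; the function names, array keys and sample rows are hypothetical.

```php
<?php
// Added illustration; not myBloggie code. All names below are hypothetical.

// Vulnerable pattern: the stored comment is echoed into the page as-is,
// so any markup it contains is interpreted by the visitor's browser.
function render_comment_unsafe(array $c): string
{
    return '<div class="comment"><b>' . $c['author'] . '</b><p>'
         . $c['body'] . '</p></div>';
}

// Encode for the HTML context at output time. ENT_QUOTES also encodes
// single quotes, which matters if a value is placed inside an attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comment_safe(array $c): string
{
    // nl2br() runs after encoding, so the <br> tags it adds are the only
    // live markup that originates from the comment body.
    return '<div class="comment"><b>' . h($c['author']) . '</b><p>'
         . nl2br(h($c['body'])) . '</p></div>';
}

// Constructed sample rows: the advisory's proof of concept and an
// ordinary comment containing characters that need encoding.
$comments = [
    ['author' => 'visitor',   'body' => '<script>alert("Hi world!");</script>'],
    ['author' => 'Tom & Ann', 'body' => "Nice post!\nIs 1 < 2?"],
];

foreach ($comments as $c) {
    $safe = render_comment_safe($c);
    printf("unsafe: %s\nsafe:   %s\n\n", render_comment_unsafe($c), $safe);

    // The encoded output must not contain a live script tag.
    if (stripos($safe, '<script') !== false) {
        throw new RuntimeException('comment was not encoded');
    }
}
```

Encoding on output, rather than searching submitted comments for "<script>", keeps the stored text intact and neutralizes any markup in it, not only that one tag.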