CSS found in Movable Type
From: DarkHunter <darkhunter7 () hackermail com>
Date: 12 May 2003 18:26:59 -0000
Movable Type is a decentralized web-based personal publishing system
designed to ease maintenance of regularly-updated content. This content
can consist of, but is not limited to, entries in a weblog or online
journal, photographs in an online photo gallery, news headlines on a
newspaper site, or articles in an online magazine.
Vendor's site: www.movabletype.org
Movable Type version 2.63 and prior.
Cross-site scripting vulnerability found in writing the comments; in the
Comments section there are several text boxes:
Name, Email Address, URL and Comments.
In order to cause a CSS attack on the target site we need to write a
<script>alert("CSS discovered by DarkHunter")</script>
"DarkHunter><script> .. (This code is so bad :) .. it causes the disappearing
of all the Comments text boxes and buttons .. in other words everything
after this code will disappear).
And of course there are many codes that you can use.
Edit the source code to strip malicious characters from Name, Email
Address, URL and Comments text boxes or escape malicious characters using
Check the vendor's website for new patches.
The information has been provided by DarkHunter.
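
The escaping fix suggested in the message above, as an added example that is not part of the original post and not Movable Type's own code. The function names, the HTML layout and the http/https allowlist are assumptions made for illustration; the two sample strings are the ones quoted in the post.

```python
import html
from urllib.parse import quote, urlsplit

# Assumption: the blog only accepts ordinary web links in the URL field.
ALLOWED_SCHEMES = {"http", "https"}

# The two strings quoted in the post, used here as test input.
SAMPLE_COMMENT = '<script>alert("CSS discovered by DarkHunter")</script>'
SAMPLE_NAME = '"DarkHunter><script>'


def esc(value):
    """HTML-encode & < > and both quote characters.

    Encoding the quotes is what keeps a value that begins with '"' from
    closing the attribute it is written into.
    """
    return html.escape(value, quote=True)


def safe_url(raw):
    """Return raw if it is an absolute http(s) URL, otherwise ''."""
    candidate = raw.strip()
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return ""
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return ""
    return candidate


def render_comment(name, email, url, text):
    """Render one comment with all four submitted fields encoded."""
    author = esc(name)
    link = safe_url(url)
    if link:
        author = '<a href="{}">{}</a>'.format(esc(link), author)
    elif email:
        # Percent-encode first, then HTML-encode for the attribute context.
        author = '<a href="mailto:{}">{}</a>'.format(esc(quote(email, safe="@")), author)
    body = esc(text).replace("\n", "<br />")
    return '<div class="comment"><p>{}</p><p>Posted by {}</p></div>'.format(body, author)


if __name__ == "__main__":
    print(render_comment(SAMPLE_NAME, "reader@example.com", SAMPLE_NAME, SAMPLE_COMMENT))
```

With this encoding the submitted markup is displayed as literal text, so the form fields and buttons that follow the comment are no longer swallowed by an unclosed tag.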