Bugtraq mailing list archives

Zoomblog HTML Injection Vulnerability
From: sikikmail () gmail com
Date: 4 Nov 2005 18:11:36 -0000

DESCRIPTION
Zoomblog is prone to HTML injection attacks. It is possible for a malicious Zoomblog user to inject hostile HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zoomblog.
Zoomblog does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by Zoomblog.
All versions are vulnerable.


EXPLOIT
There is no exploit required.


EXAMPLE
Write malicious HTML code in the tag "NAME"


ZOOMBLOG HOMEPAGE
http://zoomblog.com
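
The missing control the advisory describes, shown as an added example that is not part of the original post and is not Zoomblog's code: a comment renderer that copies form fields into the page unchanged, beside one that HTML-encodes them on output. The template, the field names `name` and `text`, and the sample comment are assumptions constructed for illustration.

```python
import html

# Constructed sample comment: the NAME field carries markup instead of a name.
SAMPLE_COMMENT = {
    "name": "<script>alert(1)</script>",
    "text": "Nice post & thanks",
}

# Hypothetical page fragment used for each comment.
TEMPLATE = '<div class="comment"><b>{name}</b>: {text}</div>'


def render_comment_unfiltered(comment):
    """Behaviour the advisory describes: fields reach the page as submitted."""
    return TEMPLATE.format(name=comment["name"], text=comment["text"])


def render_comment_encoded(comment):
    """Encode every user-supplied field for an HTML text context on output."""
    return TEMPLATE.format(
        name=html.escape(comment["name"], quote=True),
        text=html.escape(comment["text"], quote=True),
    )


def contains_user_markup(rendered, comment):
    """Regression check: True if a submitted field containing '<' appears
    verbatim (unencoded) in the rendered page."""
    return any("<" in value and value in rendered for value in comment.values())


if __name__ == "__main__":
    for render in (render_comment_unfiltered, render_comment_encoded):
        page = render(SAMPLE_COMMENT)
        status = "UNSAFE" if contains_user_markup(page, SAMPLE_COMMENT) else "ok"
        print(f"{render.__name__}: {status}\n  {page}")
```

Encoding at output time, for every field and not only `name`, keeps the stored comment intact while the browser displays the submitted tags as text.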

