Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

geoBlog Mutiple XSS Vulnerability
From: admin () subjectzero net
Date: 2 May 2006 11:12:21 -0000

Summary:
Software: geoBlog
Sowtware's Web Site: http://sourceforge.net/projects/bitdamaged/
Versions: MOD_1.0

Issue: Our research team has been working arounf on this software since the last 2hrs and have come up succesfully with 
bug in the product .geoBLog is prone to multiple XSS vulnerability .An attacker may leverage this issue to have 
arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may 
help the attacker steal cookie-based authentication credentials and launch other attacks.the exploit is tested on 
geoBlog 1.0.

========================================

PROOF OF CONCEPT : http://www.subjectzero.net/research/sblog.htm

========================================

  By Date           By Thread  

Current thread:
  • geoBlog Mutiple XSS Vulnerability admin (May 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]