Odysseus Blog Blog.PHP Cross-Site Scripting Vulnerability
BID:21128
Info
| Bugtraq ID: | 21128 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 16 2006 12:00AM |
| Updated: | Nov 20 2006 11:45PM |
| Credit: | the_Edit0r is credited with the discovery of this vulnerability. |
| Vulnerable: | Odysseus Blog Odysseus Blog 1.0 |
| Not Vulnerable: | |
Discussion
Odysseus Blog is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and launch other attacks.
Version 1.0.0 is vulnerable; other versions may also be affected.
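The root cause described above is output of a request parameter into HTML without encoding. The following is an added illustration of that pattern and its fix; it is not Odysseus Blog's code, and the parameter name `page`, the `render_title_*` functions and the sample input are hypothetical constructions used only to show the difference between the unsanitized and the encoded output.

```php
<?php
// Added example, not the Odysseus Blog source. The parameter name "page"
// and the two render functions are hypothetical stand-ins for any value
// that a script such as blog.php reflects into its HTML response.

// Unsafe pattern: the raw value is concatenated into the markup, so any
// tags or attributes contained in it are interpreted by the browser.
function render_title_unsafe(string $value): string
{
    return "<h1>Blog: " . $value . "</h1>";
}

// Hardened pattern: encode for the HTML context before output.
// ENT_QUOTES encodes both quote styles, so the result is also safe inside
// quoted attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string, which would silently drop content.
function render_title_safe(string $value): string
{
    $escaped = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h1>Blog: " . $escaped . "</h1>";
}

// Declaring the charset keeps the browser's decoding in step with the
// encoding used above, so no alternate-encoding bypass is possible.
header('Content-Type: text/html; charset=UTF-8');

// In a real handler the value would arrive from the query string
// (hypothetical parameter name). A constructed sample is used here so the
// script runs without a request: it mixes tags, quotes and an ampersand.
$input  = $_GET['page'] ?? '"<i>title</i>" & \'more\'';

echo render_title_unsafe($input), PHP_EOL;  // markup reaches the browser as-is
echo render_title_safe($input), PHP_EOL;    // every metacharacter is entity-encoded
```

Run with `php -f` on the command line and the two lines show the same input before and after encoding. The same `htmlspecialchars` call must be applied at every point where request data is written into HTML; encoding in one template and forgetting another leaves the issue in place.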
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
The following proof-of-concept URI is available:
Solution / Fix
Solution:
The vendor has released a patch to address this issue. Please contact the vendor for information on how to obtain and apply this patch.
References
References:
- Odysseus Blog Homepage (Odysseus Blog)
- OdysseusBlog => 1.0.0 Cross Site Scripting (the Edit0r)