My Little Weblog Weblog.php Cross-Site Scripting Vulnerability
BID:21238
Info
| Bugtraq ID: | 21238 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2006 12:00AM |
| Updated: | Nov 24 2006 09:20PM |
| Credit: | the_Edit0r is credited with the discovery of this vulnerability. |
| Vulnerable: | my little homepage My Little Weblog 2006.11.21 0 |
| Not Vulnerable: | |
Discussion
My Little Weblog is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the 'action' parameter of the 'weblog.php' script.
Exploit / POC
An attacker can exploit this vulnerability via a web client.
The following proof-of-concept URI is available:
www.example.com/weblog.php?action="><script>alert('XSS')</script><
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
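With no vendor patch listed, the following added example (not My Little Weblog's code) shows one application-level way to close this class of bug. It assumes, from the shape of the proof-of-concept, that 'action' is echoed into a double-quoted HTML attribute; the allowed action names, function names and form markup are hypothetical.

```php
<?php
// Added example, not My Little Weblog source. Only the 'action' parameter name
// and the attribute-breakout payload shape come from the advisory; the
// allowlist entries and the markup below are hypothetical.

const ALLOWED_ACTIONS = ['list', 'view', 'add', 'edit'];   // hypothetical values
const DEFAULT_ACTION  = 'list';

// Encode a string for HTML element text or a quoted attribute value.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak pattern the PoC implies: the raw parameter lands inside value="...".
function render_unsafe(array $query): string
{
    $action = $query['action'] ?? DEFAULT_ACTION;
    return '<input type="hidden" name="action" value="' . $action . '">';
}

// Hardened step 1: accept only known actions.
function resolve_action(array $query): string
{
    $raw = $query['action'] ?? DEFAULT_ACTION;
    // Arrays (action[]=x) and unknown strings both fall back to the default.
    if (!is_string($raw) || !in_array($raw, ALLOWED_ACTIONS, true)) {
        return DEFAULT_ACTION;
    }
    return $raw;
}

// Hardened step 2: still encode at the point of output.
function render_safe(array $query): string
{
    return '<input type="hidden" name="action" value="'
        . html_attr(resolve_action($query)) . '">';
}

// Constructed input: the query string from the advisory's proof-of-concept URI.
parse_str('action="><script>alert(\'XSS\')</script><', $query);

echo render_unsafe($query), PHP_EOL;        // the quote in the input ends the attribute early
echo render_safe($query), PHP_EOL;          // unknown action replaced by the default
echo html_attr($query['action']), PHP_EOL;  // encoding alone, for fields that must keep free text
```

The allowlist suits a parameter that selects a code path; the encoding helper is the fallback for any value that must be reflected verbatim.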
References
References:
- My Little Weblog Homepage (My Little Weblog)