simplog 0.9.3 and prior XSS

2006.08.11

Credit: HeLiOsZ - Dark End Team

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-4058

CWE: CWE-79

Dork: allinurl:simplog/archive.php

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

## HeLiOsZ - Dark End Team - Internet Security Team
## simplog 0.9.3 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net & 
http://www.darkend.org
## Rish : Medium
## Type : web applet

## Creator: http://www.simplog.org/

## Exploit:
- The vuln is in the search section,it don't validate the imput.
  To exploit this vuln you simply need an Internet Browser,you must only use 
a cookie
  logger to get the Blog cookies.
  To know if it is vulnerable: <script>alert('This is an XSS 
Vulnerability')</script>

## Dork: allinurl:simplog/archive.php

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.com/

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

simplog 0.9.3 and prior XSS

Dork: allinurl:simplog/archive.php

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

simplog 0.9.3 and prior XSS

Dork: allinurl:simplog/archive.php

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.