Simple PHP Blog 0.4.0 Cross Site Scripting

2016.11.07

Credit: sh311c0d3r

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

[+] Credits: Boumediene KADDOUR AKA sh311c0d3r

[+] Website: http://www.pentestingskills.com

Vendor:
======================
http://www.simpleblogphp.com


Product:
===============================
Simple PHP Blog 0.4.0


Vulnerability Type:
=============================
Cross Site Scripting (XSS)


CVE Reference:
==============
N/A


Vulnerability Details:
=====================
The search bar on the search.php script doesn't properly sanitize user
supplied data, which
causes the script to be prone to a cross site scripting that in turns
allows an attacker to execute
JS instructions on the client side.


Exploit code(s):
================

http://192.168.43.167/internal/blog/search.php?q=%3Cscript%3Ealert%28%22SickApp%22%29%3C%2Fscript%3E


Disclosure:
=============================================
November 07/11/2016 : Public Disclosure


sh311c0d3r

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Simple PHP Blog 0.4.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.