Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11709
HistoryMar 06, 2006 - 12:00 a.m.

evoBlog Remote Name tag Script injection

2006-03-0600:00:00
vulners.com
8

DESCRIPTION
evoBlog is prone to HTML injection attacks. It is possible for a malicious evoBlog user to inject hostile
HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web
user who views the commentary of evoBlog.
evoBlog does not adequately filter HTML tags from various fields. This may enable an attacker to inject
arbitrary script code into pages that are generated by the evoBlog.

All versions are vulnerable.

EXPLOIT

Write and HTML script for example: <script>alert('test')</script> in the name tag.

HOMEPAGE
http://www.ajaxreview.com/