- Newswriter v1.0 Remote XSS Exploit -
-= Newswriter v1.0 =-
Omnipresent
May 20, 2006
XSS Exploit
Newswriter v1.0
http://newswriter2005.sourceforge.net/
Newswriter is a software that can allow you to write, administrate, illustrate and to show your news.
The application is vulnerable to an XSS Attack, after administrator login in the application.
After the administrator or a malicious people get access to the Administrator Pannel, if he inserts a comment like:
<script>alert("You are vulnerabile to XSS")</script>
When a user go to see this page:
http://127.0.0.1/[path_of_newswriter]/index.php
he see the alert message.
google dorks: Copyright © 2004 Udo Seiler - Webfire.org NewsWriter
Not informed!
omnipresent
[email protected]