HeLiOsZ - Dark End Team - Internet Security Team
simplog 0.9.3 and prior XSS
http://www.darkend.org
Rish : Medium
Type : web applet
Exploit:
- The vuln is in the search section,it don't validate the imput.
To exploit this vuln you simply need an Internet Browser,you must only use
a cookie
logger to get the Blog cookies.
To know if it is vulnerable: <script>alert('This is an XSS
Vulnerability')</script>
Dork: allinurl:simplog/archive.php
Don't just search. Find. Check out the new MSN Search!
http://search.msn.com/