<<< Date Index >>>     <<< Thread Index >>>

FTPoed Blog Engine =>v1.1 HTML Injection Vulnerability



FTPoed is prone to HTML injection attacks. It is possible for a malicious 
FTPoed user to inject hostile HTML code into the commentary via form fields. 
This code may be rendered in the browser of a web user who views the commentary 
of FTPoed.
FTPoed does not adequately filter HTML tags from various fields. This may 
enable an attacker to inject arbitrary script code into pages that are 
generated by the FTPoed 


EXPLOIT
Write <script>alert('test')</script> in a body of a message.