ChipmunkBlogger improper input sanitizing
ChipmunkBlogger improper input sanitizing
Discovered by: Nomenumbra
Date: 6/4/2006
impact:moderate (privilege escalation,possible defacement)
Posts (potentially made by lower-privilege members) and profile names aren't
properly sanitized, thus resulting
in being vulnerable to the following kind of XSS injection:
<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
The photo gallery input isn't sanitized either, by giving the following
input as an url we have a nice XSS attack:
javascript:alert(%27xss%27)
Nomenumbra/[0x4F4C]