UBlog Remote XSS Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: UBlog Remote XSS Exploit
From: SnoBMSN@xxxxxxxxxx
Date: 7 May 2006 06:50:23 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Vunerability(s):
----------------
XSS Exploit


Product:
--------
UBlog 1.6 Access Edition

Vendor:
--------
http://www.uapplication.com/ublog/index.asp


Description of product:
-----------------------

Blog archive by date; Possibility to comment a blog; Notify via email; Password 
protected; 
Amend or remove blogs or comments; On-line configuration; Multilanguage 
support; Completely customisable look through 
CSS etc. Code: ASP 2.0 & VBScript


Vulnerability / Exploit:
------------------------

The applications UBlog is vulnerable to an XSS (Cross-Site Scripting) Attack.


PoC / Proof of Concept:
-----------------------

If the poster post in the field *text: the follow script

<script>alert("You are vulnerabile to XSS")</script>

When a user go to see the blog he receive the message "You are vulnerabile to 
XSS". 
This is very boring.

Additional Information:
-----------------------

Google dorks: "Powered by UBlog"


Vendor Status
-------------

The vendor is informed!

Credits:

Cyber-Security.ORG | Turkish Hacking & Security
Security advisory by SnoB

Prev by Date: Re: Firefox 1.5.0.3 code execution exploit
Next by Date: Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw
Previous by thread: Re: Oracle - the last word
Next by thread: [ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities
Index(es):
- Date
- Thread