Re[2]: Light Blog 4.1 XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re[2]: Light Blog 4.1 XSS Vulnerability
From: BlackHawk <hawkgotyou@xxxxxxxxx>
Date: Tue, 3 Jul 2007 13:52:31 +0200
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:date:from:x-mailer:reply-to:x-priority:message-id:to:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding; b=PER1B2j0KfNf8+cdgO1xEb6dNWXMM7I9ZE2HkntqyN6jbvk4H01XawvQp7ZtTeQHr4X8FFxXUwcogGogPduiUiuDwJHz18Q5ksmkTsFVG87FZNUJh9y3uapgt40lNmz7UTr2iZxukT9CRrcMimfUOBE5hdusa3MB8suaZ0A2txg=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:date:from:x-mailer:reply-to:x-priority:message-id:to:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding; b=j0HzDmPtScgfQZl+21wLaDNtmYauoOieivCiZchMxQM2XC2FgCXs9qED1VkWF5zqlDz1X9QpVl94lp6F/pAaIKSYvNAk9N54hUebbFeiChE6oagaiDkq4b/hTCs34Ln+9dYDtINYfj2xQc2qL+KI90k4x6azkzd719QdyZT0vxM=
In-reply-to: <20070630183949.26352.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070630183949.26352.qmail@xxxxxxxxxxxxxxxxx>
Reply-to: BlackHawk <hawkgotyou@xxxxxxxxx>

Hello prodigy,

i suggest to not download it at all..
look at main.php, no check for admin rights, you can post up every php
files you want.. ;)


Saturday, June 30, 2007, 8:39:49 PM, you wrote:

> The information on this website is incorrect. Do not download this
> version as it is not fixed. For a fixed version, download version 6+
> from http://www.publicwarehouse.co.uk/php_scripts/lightblog.php

> There also was never a file called Light.php, There isn't a file
> called LightBlog.zip. I suggest asking for information before guessing.

-- 
Best regards,
 BlackHawk                            mailto:hawkgotyou@xxxxxxxxx

References:
- Re: Light Blog 4.1 XSS Vulnerability
  - From: prodigy . zero

Prev by Date: Buffer overflow in HP Instant Support Driver Check (SDD) ActiveX control
Next by Date: iPhone Security Settings
Previous by thread: Re: Light Blog 4.1 XSS Vulnerability
Next by thread: FLEA-2007-0021-2: madwifi
Index(es):
- Date
- Thread