AOH :: HP Unsorted S :: B06-4085.HTM

simplog 0.9.3 and prior XSS



simplog 0.9.3 and prior XSS
simplog 0.9.3 and prior XSS



## HeLiOsZ - Dark End Team - Internet Security Team
## simplog 0.9.3 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net & 
http://www.darkend.org 
## Rish : Medium
## Type : web applet

## Creator: http://www.simplog.org/ 

## Exploit:
- The vuln is in the search section,it don't validate the imput.
  To exploit this vuln you simply need an Internet Browser,you must only use 
a cookie
  logger to get the Blog cookies.
  To know if it is vulnerable: 

## Dork: allinurl:simplog/archive.php

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.com/ 


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.