Exploit Database - Logo

Yblog - 'tem.php' Cross-Site Scripting

EDB-ID: 28733 Author: You_You Published: 2006-09-30
CVE: CVE-2006-5146 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/20280/info
 
Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
 
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 
http://www.example.com[path]/tem.php?action="><script>alert('test!')</script><

Related Exploits

Trying to match CVEs (1): CVE-2006-5146
Trying to match OSVDBs (1): 32327
Other Possible E-DB Search Terms: Yblog
Date D V Title Author
2006-01-25Download Exploit Code Verified CheesyBlog 1.0 - Multiple HTML Injection VulnerabilitiesAliaksandr ...
2008-09-22Download Exploit Code Verified MyBlog 0.9.8 - Insecure Cookie HandlingPepelux
2007-04-16Download Exploit Code Verified MyBlog 0.9.8 - Settings.php Authentication BypassBlackHawk
2007-04-08Download Exploit Code Verified MyBlog: PHP and MySQL Blog/CMS software - Remote File Inclusionthe_Edit0r
2008-06-23Download Exploit Code Verified MyBlog: PHP and MySQL Blog/CMS software - SQL Injection / Cross-Site ScriptingCWH Undergr...
2005-05-05Download Exploit Code Verified MyBloggie 2.1 - 'index.php' Cross-Site ScriptingAlberto Tri...
2005-05-31Download Exploit Code Verified MyBloggie 2.1.1 < 2.1.2 - SQL InjectionAlberto Tri...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scriptingenji@infosy...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scriptingenji@infosy...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scriptingenji@infosy...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scriptingenji@infosy...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scriptingenji@infosy...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scriptingenji@infosy...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scriptingenji@infosy...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scriptingenji@infosy...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'trackback_url' Parameter Cross-Site Scriptingenji@infosy...
2006-03-09Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scriptingenji@infosy...
2006-05-06Download Exploit Code Verified MyBloggie 2.1.2/2.1.3 - BBCode IMG Tag HTML Injectionzerogue
2006-08-07Download Exploit Code Verified MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injectionsrgod
2007-01-17Download Exploit Code Verified MyBloggie 2.1.5 - 'index.php' Cross-Site ScriptingCorryL
2007-01-17Download Exploit Code Verified MyBloggie 2.1.5 - 'login.php' Cross-Site ScriptingCorryL
2008-06-30Download Exploit Code Verified MyBloggie 2.1.6 - Multiple SQL InjectionsJesper Jurc...
2007-05-31Download Exploit Code Verified MyBloggie 2.1.x - 'index.php' Multiple SQL Injectionsls@calima.s...
2006-10-05Download Exploit Code Verified WikyBlog 1.2.x - 'index.php' Remote File InclusionMoHaNdKo
2008-10-01Download Exploit Code Verified WikyBlog 1.7.1 - Multiple Cross-Site Scripting VulnerabilitiesOmer Singer
Menu