Exploit Database - Logo

Yblog - 'tem.php' Cross-Site Scripting

EDB-ID: 28733 Author: You_You Published: 2006-09-30
CVE: CVE-2006-5146 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/20280/info
 
Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
 
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 
http://www.example.com[path]/tem.php?action="><script>alert('test!')</script><
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2006-5146
Trying to match OSVDBs (1): 32327
Other Possible E-DB Search Terms: Yblog
Date D V Title Author
2006-01-25 Verified CheesyBlog 1.0 - Multiple HTML Injection VulnerabilitiesAliaksandr ...
2007-04-16 Verified MyBlog 0.9.8 - 'Settings.php' Authentication BypassBlackHawk
2008-09-22 Verified MyBlog 0.9.8 - Insecure Cookie HandlingPepelux
2007-04-08 Verified MyBlog: PHP and MySQL Blog/CMS software - Remote File Inclusionthe_Edit0r
2008-06-23 Verified MyBlog: PHP and MySQL Blog/CMS software - SQL Injection / Cross-Site ScriptingCWH Undergr...
2005-05-05 Verified MyBloggie 2.1 - 'index.php' Cross-Site ScriptingAlberto Tri...
2005-05-31 Verified MyBloggie 2.1.1 < 2.1.2 - SQL InjectionAlberto Tri...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'addcat.php' Cross-Site Scriptingenji@infosy...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'adduser.php' Cross-Site Scriptingenji@infosy...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'del.php' Cross-Site Scriptingenji@infosy...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'delcat.php' Cross-Site Scriptingenji@infosy...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'delcomment.php' Cross-Site Scriptingenji@infosy...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'deluser.php' Cross-Site Scriptingenji@infosy...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'editcat.php' Cross-Site Scriptingenji@infosy...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'edituser.php' Cross-Site Scriptingenji@infosy...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'trackback_url' Cross-Site Scriptingenji@infosy...
2006-03-09 Verified MyBloggie 2.1.2/2.1.3 - 'upload.php' Cross-Site Scriptingenji@infosy...
2006-05-06 Verified MyBloggie 2.1.2/2.1.3 - BBCode IMG Tag HTML Injectionzerogue
2006-08-07 Verified MyBloggie 2.1.4 - 'trackback.php' Multiple SQL Injectionsrgod
2007-01-17 Verified MyBloggie 2.1.5 - 'index.php' Cross-Site ScriptingCorryL
2007-01-17 Verified MyBloggie 2.1.5 - 'login.php' Cross-Site ScriptingCorryL
2008-06-30 Verified MyBloggie 2.1.6 - Multiple SQL InjectionsJesper Jurc...
2007-05-31 Verified MyBloggie 2.1.x - 'index.php' Multiple SQL Injectionsls@calima.s...
2006-10-05 Verified WikyBlog 1.2.x - 'index.php' Remote File InclusionMoHaNdKo
2008-10-01 Verified WikyBlog 1.7.1 - Multiple Cross-Site Scripting VulnerabilitiesOmer Singer
Menu