BlogEngine.NET 1.4 - 'search.aspx' Cross-Site Scripting

EDB-ID:

32874

CVE:

2008-6476

EDB Verified:

Author:

sk

Type:

webapps

Exploit:   /  

Platform:

ASP

Date:

2009-04-01

Vulnerable App:
Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED 

source: https://www.securityfocus.com/bid/34227/info

BlogEngine.NET is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

BlogEngine.NET 1.4 is vulnerable; other versions may also be affected.

http://www.example.com/blog/search.aspx?q="><script>alert(&#039;ImBeded%20JS&#039;)</script>
Tags:
Advisory/Source: Link
Downloads Certifications Training Professional Services
Kali Linux OSCP Penetration Testing with Kali Linux (PWK) Penetration Testing
Kali NetHunter OSWP Advanced Web Attacks and Exploitation (AWAE) Advanced Attack Simulation
Kali Linux Revealed Book OSCE Offensive Security Wireless Attacks (WiFu) Application Security Assessment
OSEE Cracking the Perimeter (CTP)
OSWE Metasploit Unleashed (MSFU)
KLCP Free Kali Linux Training
Kali Linux Kali NetHunter Kali Linux Revealed Book
OSCP OSWP OSCE OSEE OSWE KLCP
Penetration Testing with Kali Linux (PWK) Advanced Web Attacks and Exploitation (AWAE) Offensive Security Wireless Attacks (WiFu) Cracking the Perimeter (CTP) Metasploit Unleashed (MSFU) Free Kali Linux training
Penetration Testing Advanced Attack Simulation Application Security Assessment