BlogEngine.NET 1.4 - 'search.aspx' Cross-Site Scripting

EDB-ID:

32874

CVE:

2008-6476

EDB Verified:

Author:

sk

Type:

webapps

Exploit:   /  

Platform:

ASP

Date:

2009-04-01

Vulnerable App: 
source: https://www.securityfocus.com/bid/34227/info

BlogEngine.NET is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

BlogEngine.NET 1.4 is vulnerable; other versions may also be affected.

http://www.example.com/blog/search.aspx?q="><script>alert(&#039;ImBeded%20JS&#039;)</script>
Tags:
Advisory/Source: Link
Downloads Certifications Training Professional Services
Kali Linux OSCP Penetration Testing with Kali Linux (PWK) (PEN-200)
All new for 2020 		Penetration Testing
Kali NetHunter OSWP Offensive Security Wireless Attacks (WiFu) (PEN-210) Advanced Attack Simulation
Kali Linux Revealed Book OSEP Evasion Techniques and Breaching Defences (PEN-300)
All new for 2020 		Application Security Assessment
OSWE Advanced Web Attacks and Exploitation (AWAE) (WEB-300)
Updated for 2020
OSED Windows User Mode Exploit Development (EXP-301)
All new for 2021
OSEE
KLCP [Free] Kali Linux Revealed
Kali Linux Kali NetHunter Kali Linux Revealed Book
OSCP OSWP OSEP OSWE OSED OSEE KLCP
- Penetration Testing with Kali Linux (PWK) (PEN-200)
All new for 2020 Offensive Security Wireless Attacks (WiFu) (PEN-210) Evasion Techniques and Breaching Defences (PEN-300)
All new for 2020 Advanced Web Attacks and Exploitation (AWAE) (WEB-300)
Updated for 2020 Windows User Mode Exploit Development (EXP-301)
All new for 2021 [Free] Kali Linux Revealed
Penetration Testing Advanced Attack Simulation Application Security Assessment