HSC Research Group - Advisories
Written by Hackers Center
Friday, 01 December 2006 23:12
###############################################################
---------------------------- [HSC] HackersCenter IT Security Research Team ---------------------------
###############################################################
WikyBlog is a free blog service that integrates weblog and wiki features. It is a very popular wiki used by many organizations. The most current version of WikyBlog is vulnerable!
Vendor: www.wikyblog.com
Exploit Link: www.wikyblog.com/Special/Main/ControlPanel
The login and search forms are vulnerable to cross-site scripting (XSS) due to an input validation error. This script attack allows an attacker to deface or even compromise the website.
Proof of concept: http://img182.imageshack.us/img182/8129/wikinu0.png
One may google "Powered by WikyBlog" and get all sites with the current vulnerability!
XSS Scripts:
<script>alert(String.fromCharCode(88,83,83))</script>
<script>alert(document.cookie);</script>
<script>alert("XSS");</script>
"><plaintext>
- Need Fix? Contact www.securityforge.com
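
The payloads listed above target two output contexts: element content (the `<script>` strings) and a quoted attribute value (`"><plaintext>`). The following is an added example, not part of the advisory and not WikyBlog's code; the form markup and function names are hypothetical. It shows output encoding that closes both contexts, plus a regression check run over the four listed payloads.

```javascript
// Added example, not WikyBlog code. Markup and function names are hypothetical;
// the payloads are the four strings listed in the advisory.
const PAYLOADS = [
  '<script>alert(String.fromCharCode(88,83,83))</script>',
  '<script>alert(document.cookie);</script>',
  '<script>alert("XSS");</script>',
  '"><plaintext>',
];

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can end a quoted attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Vulnerable pattern: the submitted value is copied into the page unchanged,
// once inside a quoted attribute and once as element content.
function renderSearchUnsafe(query) {
  return `<form><input name="q" value="${query}"></form><h2>Results for ${query}</h2>`;
}

// Hardened pattern: same markup, value encoded at the point of output.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<form><input name="q" value="${q}"></form><h2>Results for ${q}</h2>`;
}

// Regression check: does the response contain the payload byte-for-byte?
function reflectsRaw(html, payload) {
  return html.includes(payload);
}

// Returns the payloads that a given renderer reflects unencoded.
function auditRenderer(render) {
  return PAYLOADS.filter((p) => reflectsRaw(render(p), p));
}

console.log('unsafe renderer reflects:', auditRenderer(renderSearchUnsafe).length);
console.log('safe renderer reflects:', auditRenderer(renderSearchSafe).length);
```

The same `auditRenderer` check can be pointed at any function that builds a response from user input, so it works as a unit test for each form handler.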