[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

BlogPHP v2 Persistent XSS Vulnerability

Author
Paulzz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-16636
Category
web applications
Date add
09-08-2011
Platform
php
# Exploit Title: BlogPHP v2 - XSS
# Google Dork: "Copyright ©2006 Powered by www.blogphp.net"
# Date: 09/08/2011
# Author: Paul Maaouchy( Paulzz )
# Software Link: http://sourceforge.net/projects/blogphpscript/files/blogphpscript/2.0/BlogPHPv2.zip/download
# Version: v2
# Tested on:
# CVE :
How to exploit:
1- Go there : http://localhost/blogphp/register.html.
2- Put in the Username field the XSS Code.  Example:<META http-equiv="refresh" content="0;URL=http://www.google.com">  .
3- Put anything in the other field ( Password & E-mail).
4- Now anyone go there : http://localhost/blogphp/members.html will redirected to google.com OR exploit your XSS Code.
 
Paul Maaouchy ( Paulzz )
Contact me
@ spy.xp@hotmail.com
@ paul.maaouchy@gmail.com
@ paulmeouchi@paulmeouchi.com



#  0day.today [2024-12-25]  #