Family: CGI abuses : XSS --> Category: infos
pLog User Registration HTML Injection Vulnerability: Vulnerability Scan
Vulnerability Scan Summary: Searches for the existence of pLog
Detailed Explanation for this Vulnerability Test
The remote host is running pLog, a blogging system written in PHP.
The remote version of this software does not properly validate
user-supplied input, and is therefore vulnerable to a cross-site scripting
attack.
To exploit this flaw, an attacker would use the script 'register.php'
to register a user profile containing HTML and script code as the name or
blog field.
Regular users of the remote website would then render that HTML and/or script
code in their browser when visiting the page 'summary.php'.
Solution: Upgrade to pLog 0.3.3 or newer
Threat Level: Medium
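The stored-XSS pattern described above, as an added illustration (not pLog's own code): a profile whose name and blog fields carry markup, the unescaped rendering that summary.php-style code would produce, and the hardened rendering that encodes on output. The field names, the render functions and the sample profile are all hypothetical.

```php
<?php
// Added example, not pLog's code. Shows why echoing a registrant's
// name/blog fields unencoded into summary.php is a stored XSS, and the
// defender's fix: encode every untrusted value for the HTML context it
// lands in. All names here are hypothetical.

// Constructed sample of what a register.php-style script might store if
// the registrant puts markup into the "name" and "blog" fields.
$profile = [
    'name' => 'alice<script>alert(1)</script>',
    'blog' => 'My blog" onmouseover="alert(1)',
];

// Vulnerable rendering: raw values interpolated into HTML, so the
// <script> tag and the injected attribute reach every visitor's browser.
function render_summary_unsafe(array $p): string {
    return "<li><b>{$p['name']}</b> - <span title=\"{$p['blog']}\">blog</span></li>";
}

// Hardened rendering: htmlspecialchars with ENT_QUOTES and an explicit
// charset turns <, >, &, " and ' into entities, so the stored text is
// displayed literally instead of being parsed as markup.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_summary_safe(array $p): string {
    return '<li><b>' . h($p['name']) . '</b> - <span title="'
         . h($p['blog']) . '">blog</span></li>';
}

// Defence in depth at registration time: reject display names that
// contain characters a name never needs. Output encoding is still the
// real fix; this only limits what gets stored in the first place.
function valid_display_name(string $name): bool {
    return (bool) preg_match('/^[\p{L}\p{N} .\'-]{1,40}$/u', $name);
}

echo render_summary_unsafe($profile), "\n"; // markup is live in the page
echo render_summary_safe($profile), "\n";   // markup is shown as text
echo valid_display_name($profile['name']) ? "name accepted\n" : "name rejected\n";
```

The same encode-on-output rule applies to every other place pLog renders profile data, not only summary.php; a version at or above 0.3.3 is the supported fix.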