oss-sec mailing list archives
Re: Stored XSS vulnerability in BlogoText <= 3.7.5
From: chbi () chbi eu
Date: Mon, 9 Oct 2017 19:51:02 +0200
FYI After further investigation, I've discovered that with this XSS vulnerability it is also possible, for an unauthenticated user, to upload a simple php web shell to execute code on the server. -- chbi https://chbi.eu GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E https://chbi.eu/chbi.asc
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 01)
- Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 01)
- Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 09)
- Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 01)