·= Security Advisory =·

Issue: Cross Site Scripting (XSS) Vulnerability in "img.php" by Umberto Caldera.
Discovered Date: 30/01/2007
Author: Tal Argoni [talargoni at gmail d0t com]
Product Vendor: http://sourceforge.net/project/showfiles.php?group_id=88633
Ver: easymoblog-0.5.1

Details:
EasyMoblog is prone to a Cross Site Scripting vulnerability. The vulnerability exists in the "img.php" file and is caused by the lack of input validation/filtering of quotation and HTML characters in the GET parameter "i": a value containing a double quote can break out of the HTML attribute the parameter is reflected into, so attacker-supplied markup is rendered in the victim's browser.

Contents of "img.php"
---------------------------------
...
...
...

Exploitation URL:
http://www.example.com/easymoblog/img.php?i=">
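The flaw described above, with a hardened counterpart, as an added PHP example. This is not EasyMoblog's own img.php (its contents are elided in the advisory); the reflected-into-an-attribute pattern, the file name allow-list and the request handling are assumptions chosen to illustrate the fix.

```php
<?php
// Added illustrative example; not EasyMoblog's img.php, whose contents the
// advisory elides. It assumes the usual pattern behind a reflected XSS of this
// kind: a GET parameter echoed into an HTML attribute without output encoding.

// Vulnerable pattern (assumed, shown only for contrast): the raw value of "i"
// is placed inside a double-quoted attribute, so a quotation mark in the input
// terminates the attribute and whatever follows is parsed as markup.
function render_img_vulnerable(string $i): string
{
    return '<img src="' . $i . '" alt="">';
}

// Hardened form: restrict the parameter to what the page actually needs
// (assumed here to be a plain image file name) and HTML-encode it on output.
function render_img_safe(string $i): ?string
{
    // Allow-list: letters, digits, '_' and '-', plus an image extension.
    // No path separators, quotes or angle brackets can pass this check.
    if (!preg_match('/^[A-Za-z0-9_-]+\.(?:jpe?g|png|gif)$/', $i)) {
        return null; // reject rather than attempt to "clean" the value
    }
    // Output encoding with ENT_QUOTES turns both ' and " into entities, so
    // the value cannot close the attribute even if the allow-list is relaxed.
    $encoded = htmlspecialchars($i, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="' . $encoded . '" alt="">';
}

// Request handling (assumed). Only accept a scalar string for "i"; arrays
// and missing values are treated as empty and therefore rejected.
$i = (isset($_GET['i']) && is_string($_GET['i'])) ? $_GET['i'] : '';

$html = render_img_safe($i);
if ($html === null) {
    http_response_code(400);
    header('Content-Type: text/plain; charset=UTF-8');
    echo "Invalid image parameter\n";
    exit;
}

// Declaring the charset keeps the browser from guessing an encoding in which
// the entity-encoded output could be reinterpreted.
header('Content-Type: text/html; charset=UTF-8');
echo $html;
```

The two layers are deliberate: the allow-list is the validation the advisory says is missing, and `htmlspecialchars` with `ENT_QUOTES` is the output encoding that makes the reflected value inert even when validation is later loosened. A `Content-Security-Policy` header on the response is a reasonable third layer but does not replace either of the first two.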