???summary
software: simplog
vendors website: http://daverave.64digits.com/home.php?page=simplog
versions: <= 1.0.2
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: retard and jim
risk level: medium
??? description
simplog does not sanatise blog posts allowing users to insert
html into posts causing a xss vulnerability. also, the application
uses global variables for includes allowing users to include
other .txt files than the inteded target
??? credit
author(s): retard and jim
email: retard (at) 30gigs (dot) com [email concealed]
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.