Title: DotClear 1.2.5 XSS

Date Discovered: 8/5/2006

Date Published:  8/21/2006

Find By: Stoun tgx874sah[at]yahoo.fr

Script: DotClear 1.2.5

Vendor: DotClear http://www.dotclear.net/


Overview:

DotClear is a php based app to manage blog rich of feature. see http://www.dotclear.net/en/features.html

Bug:

the bug reside on the ecrire/auth.php script that dosen't filter the user supplied data in the user_id
input and allowing the attacker to steal cookies (contain md5 passwd).

Vendor Status: NOT INFORMED