XSS, HTML Injection and Cookie Manipulation in BlogPHP v2.0
http://www.blogphp.net/

by David Sopas Ferreira

Found and reported at: 5-05-2008PT
Full disclosure at: 10-05-2008PT

--------------------------------------------------------- Flaws ---------

XSS attack on the variable user:
index.php?act=sendmessage&user=admin%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E

HTML Injection:
A malicious user could register with a name containing HTML/JavaScript code, which is then executed on some of the script's web pages.

Cookie manipulation:
It is possible to manipulate the cookie by changing blogphp_username to whatever value a user wants, and then post messages/comments under that name.

--------------------------------------------------------- Solution ------

Edit the source code to ensure that input is properly sanitised.
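
One way to close the three flaws above, as an added example that is not BlogPHP's source or the advisory author's code. The function names, the signed-cookie format and the key are assumptions made for illustration; a server-side session would serve the same purpose as the signed cookie.

```php
<?php
// Added example: hypothetical helpers, not taken from BlogPHP.

// 1. Reflected XSS in `user`: encode for the HTML context at output time.
//    ENT_QUOTES encodes both " and ', so the value cannot close an attribute.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 2. HTML injection via registration: accept only an allow-listed name shape.
function valid_username(string $name): bool {
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $name) === 1;
}

// 3. Cookie manipulation: bind the username to a server-side secret with an
//    HMAC, so a client-edited blogphp_username value is rejected.
function sign_username(string $name, string $key): string {
    return $name . '|' . hash_hmac('sha256', $name, $key);
}

function verify_username_cookie(string $cookie, string $key): ?string {
    $pos = strrpos($cookie, '|');
    if ($pos === false) {
        return null; // no signature at all, e.g. a bare "admin"
    }
    $name = substr($cookie, 0, $pos);
    $mac  = (string) substr($cookie, $pos + 1);
    $expected = hash_hmac('sha256', $name, $key);
    // hash_equals compares in constant time.
    if (!hash_equals($expected, $mac) || !valid_username($name)) {
        return null;
    }
    return $name;
}

// Constructed sample input mirroring the advisory's test string.
$key     = 'replace-with-random-server-side-secret'; // placeholder value
$payload = 'admin"><script>alert(/xss/)</script>';

// The encoded value stays inside the attribute instead of closing it.
echo '<input name="user" value="' . e($payload) . '">', PHP_EOL;
// The same string is refused as a username at registration.
var_dump(valid_username($payload));
// An unsigned or edited cookie is refused; a correctly signed one is accepted.
var_dump(verify_username_cookie('admin', $key));
var_dump(verify_username_cookie(sign_username('alice', $key), $key));
```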