[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Guestserver guestbook system vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Guestserver guestbook system vulnerabilities
From: jaakko@xxxxxxxx
Date: 11 Dec 2005 17:42:30 -0000

The poor security and input validation at Guestserver versions below 5 ( there 
are still lots of them out there ) allow all HTML tags inside a message and it 
can be exploited as much as you want to.

http://www.stud.ntnu.no/~larsell/guestserver/

A Google Search for "Guestbook by  Guestserver - v4.12" for example comes up 
with tons of vulnerable sites.

Prev by Date: [ GLSA 200512-03 ] phpMyAdmin: Multiple vulnerabilities
Next by Date: Re: [Full-disclosure] [scip_Advisory] NetGear RP114 Flooding Denial ofService
Previous by thread: [ GLSA 200512-03 ] phpMyAdmin: Multiple vulnerabilities
Next by thread: Re: [Full-disclosure] [scip_Advisory] NetGear RP114 Flooding Denial ofService
Index(es):
- Date
- Thread