[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Jbook Cross Site Scripting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Jbook Cross Site Scripting
From: root__@xxxxxxxxxxxxx
Date: 10 Apr 2006 09:54:21 -0000

Title : Jbook Cross Site Scripting
Author: Mourad aka Psych0
Moroccan Security Team
Vendor: www.jmuller.net
Version: 1.3

Jbook Guestbook is a PHP/MySQL based guestbook script.

Vulnerability in index.php, this issue can allow an 
attacker to bypass content filters and potentially carry out xss attacks.

Example:

http://target/path/index.php?page=[xsscode]

Prev by Date: [eVuln] phpNewsManager Multiple SQL Injections
Next by Date: phpMyForum Cross Site Scripting & CRLF injection
Previous by thread: Re: Re: PHPList <= 2.10.2 remote commands execution
Next by thread: phpMyForum Cross Site Scripting & CRLF injection
Index(es):
- Date
- Thread