[::::::::::::::::::::::::::::::::::::::0x1::::::::::::::::::::::::::::::::::::::]>> General Information
Advisory/Exploit Title = Sethi Family Guestbook XSS Vulnerabilities
Author = Valentin Hoebel
Contact = valentin@xenuser.org
[::::::::::::::::::::::::::::::::::::::0x2::::::::::::::::::::::::::::::::::::::]>> Product information
Name = Sethi Family Guestbook
Vendor = Sethi
Vendor Website = http://www.sethi.org/
Affected Version(s)=3.1.8[::::::::::::::::::::::::::::::::::::::0x3::::::::::::::::::::::::::::::::::::::]>>#1 Vulnerability
Type = XSS
Example URI = index.php?start=XX&number=~~XSS~~&bg=XX&f=XX
>>#2 Vulnerability
Type = XSS
Injecting HTML/JavaScript in normal guestbook entries is possible, e.g.try<iframe>and<script> tags.[::::::::::::::::::::::::::::::::::::::0x4::::::::::::::::::::::::::::::::::::::]>> Additional Information
Advisory/Exploit Published =24.04.2010[::::::::::::::::::::::::::::::::::::::0x5::::::::::::::::::::::::::::::::::::::]>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
<3 packetstormsecurity.org!
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]
