Sethi Family Guestbook 3.1.8 – Cross-Site Scripting

• Exploit Database
• 13 阅读

• 作者： Valentin
  日期： 2010-04-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12373/

• [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
  >> General Information 
  Advisory/Exploit Title = Sethi Family Guestbook XSS Vulnerabilities
  Author = Valentin Hoebel
  Contact = valentin@xenuser.org
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
  >> Product information
  Name = Sethi Family Guestbook
  Vendor = Sethi
  Vendor Website = http://www.sethi.org/
  Affected Version(s) = 3.1.8
  
   
  [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
  >> #1 Vulnerability
  Type = XSS
  Example URI = index.php?start=XX&number=~~XSS~~&bg=XX&f=XX
  
  >> #2 Vulnerability
  Type = XSS
  Injecting HTML/JavaScript in normal guestbook entries is possible, e.g. try
  <iframe> and <script> tags.
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
  >> Additional Information
  Advisory/Exploit Published = 24.04.2010
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
  >> Misc
  Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
  <3 packetstormsecurity.org!
  
  
  [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]