Sethi Family Guestbook 3.1.8 – Cross-Site Scripting

• Exploit Database
• 109 阅读

• 作者： Valentin
  日期： 2010-04-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12373/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39

  [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::] >> General Information Advisory/Exploit Title = Sethi Family Guestbook XSS Vulnerabilities Author = Valentin Hoebel Contact = valentin@xenuser.org     [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::] >> Product information Name = Sethi Family Guestbook Vendor = Sethi Vendor Website = http://www.sethi.org/ Affected Version(s) = 3.1.8   [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::] >> #1 Vulnerability Type = XSS Example URI = index.php?start=XX&number=~~XSS~~&bg=XX&f=XX   >> #2 Vulnerability Type = XSS Injecting HTML/JavaScript in normal guestbook entries is possible, e.g. try <iframe> and <script> tags.     [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::] >> Additional Information Advisory/Exploit Published = 24.04.2010     [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::] >> Misc Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase! <3 packetstormsecurity.org!     [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]