MegaBook 1.1/2.0/2.1 - Multiple HTML Injection Vulnerabilities

ID EDB-ID:22843
Type exploitdb
Reporter Morning Wood
Modified 2003-06-29T00:00:00


MegaBook 1.1/2.0/2.1 Multiple HTML Injection Vulnerabilities. Webapps exploit for cgi platform


MegaBook is prone to multiple HTML injection vulnerabilities. This is due to insufficient sanitization of HTML and script code from user-supplied input, including input supplied to the administrative login page and via the client HTTP User-Agent: header field. Exploitation of these issues could permit hostile HTML or script code to be injected into the guestbook system and rendered in the browser of a legitimate guestbook user.<script>alert('wvs-xss-magic-string-188784308');</script>'><script>alert('wvs-xss-magic-string-486624156');</script>"><script>alert('wvs-xss-magic-string-1852691616');</script>><script>alert('wvs-xss-magic-string-429380114');</script></textarea><script>alert('wvs-xss-magic-string-723975367');</script>