DVguestbook dv_gbook.php f Variable XSS

2006-03-05T11:02:33
ID OSVDB:23701
Type osvdb
Reporter OSVDB
Modified 2006-03-05T11:02:33

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

Manual Testing Notes

http://[target]/path/dv_gbook.php?d=0&f='"><script>alert(document.cookie)</script>
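For defenders reviewing web server logs, the following added example (not part of the original advisory) flags requests to dv_gbook.php whose `f` parameter decodes to HTML markup characters, as in the test string above. The log lines, client addresses and the `/gb/` path are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Mar/2006:11:02:33 +0000] '
    '"GET /gb/dv_gbook.php?d=0&f=1 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [05/Mar/2006:11:04:10 +0000] '
    '"GET /gb/dv_gbook.php?d=0&f=%27%22%3E%3Cscript%3Ealert(document.cookie)'
    '%3C/script%3E HTTP/1.1" 200 5188',
    '192.0.2.10 - - [05/Mar/2006:11:05:00 +0000] '
    '"GET /gb/index.php?f=%3Cb%3E HTTP/1.1" 200 900',
]

# Request line inside the quoted field: method, target, protocol version.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of an attribute or open a tag.
MARKUP_CHARS = set('<>"\'')


def flagged_f_value(line):
    """Return the decoded f value if the line is a dv_gbook.php request
    whose f parameter contains markup characters, otherwise None."""
    match = REQUEST_RE.search(line)
    if match is None:
        return None
    url = urlsplit(match.group(1))
    if url.path.rsplit("/", 1)[-1] != "dv_gbook.php":
        return None
    # parse_qs percent-decodes once, as PHP does before populating variables.
    for value in parse_qs(url.query, keep_blank_values=True).get("f", []):
        if MARKUP_CHARS & set(value):
            return value
    return None


def scan(lines):
    """Return (client_address, decoded_f_value) for every flagged line."""
    hits = []
    for line in lines:
        value = flagged_f_value(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: f={value!r}")
```

With register_globals on, PHP also populates variables from POST bodies and cookies, which access logs normally do not record, so this check covers only values sent in the query string.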

References:

Vendor URL: http://www.digitalvisionscripts.com/
Secunia Advisory ID: 19098
Other Advisory URL: http://biyosecurity.be/bugs/dvguestbook.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0738.html