myPHP Guestbook index.php lang Variable XSS

2006-06-09T09:18:59
ID OSVDB:26422
Type osvdb
Reporter OSVDB
Modified 2006-06-09T09:18:59

Description

Manual Testing Notes

http://[target]/myphp/index.php?lang="<script>alert(1337)</script>

References:

Vendor URL: http://www.networkarea.ch/php_mysql_guestbook.html Secunia Advisory ID:20572 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0190.html FrSIRT Advisory: ADV-2006-2308 CVE-2006-3062