`------------------------------------------------------------------
- Cute Guestbook Remote XSS Exploit -
-= http://colander.altervista.org/advisory/CuteGuestbook.txt =-
------------------------------------------------------------------
-= Cute Guestbook =-
Omnipresent
May 04, 2006
Vunerability(s):
----------------
XSS Exploit
Product:
--------
Cute Guestbook
Vendor:
--------
http://www.scriptsez.net/index.php?action=detail&id=1086399301
Description of product:
-----------------------
PHP based guestbook requires no configuration and no database. Features: Bad words filter, number of messages per page,
total messages to keep in record, emoticons with comments and much more.
Platform(s): linux, windows
Date Added: Jun 5, 2004
Last Updated: Feb 11, 2006
Author: Scriptsez Inc.
Vulnerability / Exploit:
------------------------
The applications Cute Guestbook is vulnerable to an XSS (Cross-Site Scripting) Attack.
PoC / Proof of Concept:
-----------------------
An attacker can go to this URL:
http://www.victim_host/[path]/guestbook.php?action=sign
or
http://www.victim_host/[path]/guestbook.php
and then click on:
Click here to sign our Guestbook
Then insert in the field Name the Nick and in the field Comments put XSS like:
<script>alert("You are vulnerabile to XSS")</script>
Additional Informations:
------------------------
google dorks: "Powered By:Cute Guestbook"
Vendor Status
-------------
Not informed!
Credits:
--------
omnipresent
[email protected]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation