Lucene search
K

CuteGuestbook.txt

🗓️ 06 May 2006 00:00:00Reported by OmnipresentType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 25 Views

Cute Guestbook XSS vulnerability, PHP based with bad words filter

Code
`------------------------------------------------------------------  
- Cute Guestbook Remote XSS Exploit -  
-= http://colander.altervista.org/advisory/CuteGuestbook.txt =-  
------------------------------------------------------------------  
  
-= Cute Guestbook =-  
  
  
  
Omnipresent  
May 04, 2006  
  
  
Vunerability(s):  
----------------  
XSS Exploit  
  
  
Product:  
--------  
Cute Guestbook  
  
Vendor:  
--------  
http://www.scriptsez.net/index.php?action=detail&id=1086399301  
  
  
Description of product:  
-----------------------  
  
PHP based guestbook requires no configuration and no database. Features: Bad words filter, number of messages per page,   
total messages to keep in record, emoticons with comments and much more.  
  
Platform(s): linux, windows  
Date Added: Jun 5, 2004  
Last Updated: Feb 11, 2006  
Author: Scriptsez Inc.  
  
  
Vulnerability / Exploit:  
------------------------  
  
The applications Cute Guestbook is vulnerable to an XSS (Cross-Site Scripting) Attack.  
  
PoC / Proof of Concept:  
-----------------------  
  
An attacker can go to this URL:  
  
http://www.victim_host/[path]/guestbook.php?action=sign  
  
or  
  
http://www.victim_host/[path]/guestbook.php  
  
and then click on:  
  
Click here to sign our Guestbook  
  
Then insert in the field Name the Nick and in the field Comments put XSS like:  
<script>alert("You are vulnerabile to XSS")</script>  
  
  
  
Additional Informations:  
------------------------  
  
google dorks: "Powered By:Cute Guestbook"  
  
Vendor Status  
-------------  
  
Not informed!  
  
Credits:  
--------  
omnipresent  
[email protected]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

06 May 2006 00:00Current
7.4High risk
Vulners AI Score7.4
25