- Techno Dreams GuestBook Remote XSS Exploit -
-= Techno Dreams GuestBook Latetest Version =-
Omnipresent May 04, 2006
Techno Dreams GuestBook Latetest Version
A free ready to use Guest Book ASP script. It uses MS Access with ability to be upgraded into SQL. Now, we've added an Admin Area for the script (not in the demo). Special thanks for Victor Hugo Sosa Esquivel for the Spanish Translation.
The application is vulnerable to an XSS (Cross-Site Scripting) Attack.
If the poster post in the field *comments: (after click on Sign Our GuestBook) the follow script
<script>alert("You are vulnerabile to XSS")</script>
When a user go to see the blog he receive the message "You are vulnerabile to XSS".