logo
DATABASE RESOURCES PRICING ABOUT US

@lex Guestbook 4.0.1 : Full Path Disclosure & XSS

Description

@lex Guestbook 4.0.1 -------------------- Vendor site: http://www.alexphpteam.com/ Product: @lex Guestbook 4.0.1 Vulnerability: Full Path Disclosure & XSS Credits: Mr_KaLiMaN Reported to Vendor: 24.11.06 Public disclosure: 30.11.06 Description: ------------ Full Path Disclosure: http://[victim]/[guestbook_path]/index.php?skin=[non-existent_skin] XSS: http://[victim]/[guestbook_path]/index.php?skin=[XSS]