@lex Guestbook 4.0.1 : Full Path Disclosure & XSS

2006-12-01T00:00:00
ID SECURITYVULNS:DOC:15268
Type securityvulns
Reporter Securityvulns
Modified 2006-12-01T00:00:00

Description

@lex Guestbook 4.0.1

Vendor site: http://www.alexphpteam.com/
Product: @lex Guestbook 4.0.1
Vulnerability: Full Path Disclosure & XSS
Credits: Mr_KaLiMaN
Reported to Vendor: 24.11.06
Public disclosure: 30.11.06

Description:

Full Path Disclosure: http://[victim]/[guestbook_path]/index.php?skin=[non-existent_skin]

XSS: http://[victim]/[guestbook_path]/index.php?skin=[XSS]
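
Log triage for the two request patterns above, added here as an example and not part of the original advisory: it flags index.php requests whose skin parameter is either not an installed skin (the request shape that reaches the path-disclosing error) or not a plain name at all (the shape used for XSS). The installed skin names, the access-log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: skins actually installed on the server (constructed names).
INSTALLED_SKINS = {"default", "blue"}
# A skin name is expected to be a short plain identifier.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request field of a common/combined access-log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2006:10:00:01 +0000] "GET /gb/index.php?skin=default HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Dec/2006:10:00:07 +0000] "GET /gb/index.php?skin=nosuchskin HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Dec/2006:10:00:09 +0000] "GET /gb/index.php?skin=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5301',
    '192.0.2.10 - - [01/Dec/2006:10:00:12 +0000] "GET /gb/style.css HTTP/1.1" 200 900',
]

def classify_skin(value, installed=INSTALLED_SKINS):
    """Return None for an installed skin, otherwise a finding label."""
    if value in installed:
        return None
    if not SAFE_NAME.fullmatch(value):
        # Markup, path separators, empty value: never a legitimate skin name.
        return "not-a-plain-name"
    # Well-formed but unknown: the request shape behind the path disclosure.
    return "unknown-skin"

def triage(lines, installed=INSTALLED_SKINS):
    """Return (line_number, label, decoded_value) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes, so encoded markup is seen in clear form.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("skin", []):
            label = classify_skin(value, installed)
            if label:
                findings.append((number, label, value))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```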