Script : MJGuest 6.8 GT
Type : Cross Site Scripting Vulnerability
Alert : Medium
Discovered by : Khashayar Fereidani
Our Team : IRCRASH
My Official Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
Khashayar Fereidani Official Website : HTTP://FEREIDANI.IR
Script Download : http://www.mdsjack.bo.it/files/mjguest_6.8gt.zip
XSS Vulnerability :
Vulnerable Code : ./guestbook.js.php => document.write('<a href="javascript:guestbook()">' + '<?php echo $_GET['link']?>' + '</a>');
Vulnerable variable : link
Address : http://Example/guestbook.js.php?link=[XSS]
Solution : Filter the link variable with the htmlspecialchars() function.
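Added example (not part of the original advisory and not MJGuest's own code): a hardened sketch of guestbook.js.php. The link value is echoed into a JavaScript string literal and then written into HTML by document.write(), so it is encoded for both contexts; htmlspecialchars() with its pre-PHP-8.1 default flags leaves single quotes untouched, which is why ENT_QUOTES and a JavaScript-level encoder are used here. The helper name js_html_text() is hypothetical.

```php
<?php
// Added example: hardened guestbook.js.php (sketch, not the project's code).

// Serve the file strictly as JavaScript so browsers do not sniff it as HTML.
header('Content-Type: application/javascript; charset=UTF-8');
header('X-Content-Type-Options: nosniff');

/**
 * Hypothetical helper: encode untrusted text that will be placed in a
 * JavaScript string literal and later written into HTML as link text.
 */
function js_html_text(string $value): string
{
    // Layer 1 (HTML): neutralise <, >, &, " and ' so that document.write()
    // emits plain text. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of returning an empty string.
    $html = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Layer 2 (JavaScript): json_encode() returns a complete double-quoted
    // string literal and escapes backslashes, quotes and line breaks, so the
    // value cannot terminate the literal. The JSON_HEX_* flags additionally
    // hex-escape <, >, &, ' and ".
    $js = json_encode(
        $html,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );

    // Fall back to an empty literal if encoding fails.
    return $js === false ? '""' : $js;
}

// Accept only a scalar string; link[]=x style arrays become empty text.
$link = (isset($_GET['link']) && is_string($_GET['link'])) ? $_GET['link'] : '';
?>
document.write('<a href="javascript:guestbook()">' + <?php echo js_html_text($link); ?> + '</a>');
```

The helper's output already includes its surrounding double quotes, so the quotes around the PHP tag in the original line are dropped.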
Tnx : God
HTTP://IRCRASH.COM