Tinyguestbook XSS

2012-01-09T00:00:00
ID SECURITYVULNS:DOC:27537
Type securityvulns
Reporter Securityvulns
Modified 2012-01-09T00:00:00

Description

Exploit Title: Tinyguestbook XSS

Date: 01/03/12

Author: G13

Software Link: http://code.google.com/p/tinyguestbook/

Category: webapps (php)

Vulnerability

There is no sanitation on the input of the msg variable. This allows malicious scripts to be added. This is a stored XSS

Vendor Notification

12/23/11 - Vendor Notified. 12/27/11 - Vendor email. 01/03/12 - No response, disclosure

Affected Variables

Msg=[XSS]

Exploit

The script can be added right in the page, there is no filtering of input.