MyGuestbook 1.0 Script Injection Vulnerability

2014-07-01T00:00:00
ID SSV:75259
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/4651/info

MyGuestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

MyGuestbook does not adequately filter script code from various fields. This may enable an attacker to inject script code which will be executed in the web client of an arbitrary user who views the guestbook.

Attackers may potentially exploit this issue to hijack web content or to steal cookie-based authentication credentials. 

Sign up and post using the "name"
<script>alert('evil+java+script+here')</script>

or

When posting comments just insert the
<script>alert('evil+java+script+here')</script>
to the comments field.