Sethi Family Guestbook v3.1.8 XSS Vulnerabilities

2010-04-24T00:00:00
ID 1337DAY-ID-11979
Type zdt
Reporter Valentin Hobel
Modified 2010-04-24T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =================================================
Sethi Family Guestbook v3.1.8 XSS Vulnerabilities
=================================================

[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Sethi Family Guestbook XSS Vulnerabilities
Author = Valentin Hoebel
Contact = [email protected]
 
 
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = Sethi Family Guestbook
Vendor = Sethi
Vendor Website = http://www.sethi.org/
Affected Version(s) = 3.1.8
 
  
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
Type = XSS
Example URI = index.php?start=XX&number=~~XSS~~&bg=XX&f=XX
 
>> #2 Vulnerability
Type = XSS
Injecting HTML/JavaScript in normal guestbook entries is possible, e.g. try
<iframe> and <script> tags.
 
 
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 24.04.2010
 
 
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
<3 packetstormsecurity.org!
 
 
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]



#  0day.today [2018-04-06]  #