Computer Security

Security Advisory: Morris Guestbook v1
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Full-disclosure] ZH2006-20 SA: CosmicShoppingCart Multiple Vulnerabilities

  Smile  Guestbook v1

  Pretty Guestbook v1

  Vacation Retal Script v1.0

From:luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date:27.05.2006
Subject:Morris Guestbook v1

Homepage:
http://www.tuttophp.altervista.org/morrisguest-ing.htm

Description:
Morris Guestbook is a text-based guestbook with the following features: Data storing on text file,
paging of messages on screen, words crypting, counting of inserted messages, blockage of messages with
both html tags(<>)

Effected files:
view.php

An XSS attack is possible due to no filtering of pagina variable:
http://www.example.com/morrisgbook/view.php?pagina=1[IMG%20SRC=javascript:
alert(String.fromCharCode(88,83,83))]

-------------------------

http://www.youfucktard.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server