Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13294
HistoryJun 23, 2006 - 12:00 a.m.

vlbook 1.2 XSS Attack

2006-06-2300:00:00
vulners.com
9428
JSON

vlBook 1.02 Advisory

Date:

2005 June 23

Product:

vlBook 1.02 © 2005

Vendor:

http://vlab.info/

Descriptions:

The vlbook is a free, open source and light-weight guestbook written in PHP using flat files to store messages
and settings. It comes with install script for quick and effortless installation. Features include a WYSIWYG Editor,
template based skins, multilingual support, avatars packs and more.

Exploit(s)/Vulnerability(ies):

  • XSS Vulnerability -

This product is vulnerable to an XSS Attack. The variable message is not properly sanitised before being used; so a malicious
people can inject arbitrary XSS code.

PoC 0f XSS:

If an attacker put in the field "Message*:" this code:

<script>alert("XSS ATTACK")</script>

Further information:

googledorks: Powered by vlBook 1.02 © 2005

Vendor Status:

Informed but I've not received the reply.

Credits:

Omnipresent
[email protected]

JSON