Computer Security
[EN] securityvulns.ru

From: luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date: 08.06.2006
Subject: PBL Guestbook v1.31 - XSS

PBLGuestbook v1.31

Homepage:
http://www.pixelatedbylev.com/

Affected files:
input boxes of the guestbook.

XSS Vulnerabilities PoC:

I noticed that common tags like <script> are filtered into the words "SCRIPT BLOCKED" in this
guestbook, however img tags as well as others go unfiltered in the Name, Email, and Website boxes. In
turn, this could cause an XSS attack to occur. For PoC just enter: <IMG SRC=javascript:alert('XSS')> in any of these boxes.
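The post describes a tag blacklist that rewrites `<script>` but leaves other elements alone. As an added example (not code from the original post and not PBL Guestbook's own), the following Python contrasts such a blacklist with output encoding of every user-supplied field before it is written into the page. The filter, the entry template and the sample inputs are constructed assumptions; the `<IMG ...>` string is the PoC quoted in the post.

```python
import html
import re

# Constructed sample inputs. IMG_INPUT is the PoC string quoted in the post;
# the other two are made up for this example.
SCRIPT_INPUT = "<script>alert(1)</script>"
IMG_INPUT = "<IMG SRC=javascript:alert('XSS')>"
PLAIN_INPUT = "Bob O'Reilly <bob@example.test>"


def blacklist_filter(value: str) -> str:
    """Hypothetical reconstruction of the behaviour the post describes:
    <script> tags become 'SCRIPT BLOCKED', every other tag passes through
    untouched, so an <img> with a javascript: URL reaches the page intact."""
    return re.sub(r"</?script[^>]*>", "SCRIPT BLOCKED", value, flags=re.IGNORECASE)


def escape_for_html(value: str) -> str:
    """Output encoding for the HTML text context: '<', '>', '&' and quotes are
    turned into entities, so no user-supplied character can open a tag or
    break out of an attribute. This is the fix, independent of which tags an
    attacker tries."""
    return html.escape(value, quote=True)


def contains_tag(fragment: str) -> bool:
    """Detection helper: does a sanitized field still contain a literal HTML
    tag opener ('<' followed by a letter)? Useful for a regression check on
    whatever sanitizer is in front of the template."""
    return re.search(r"<[a-zA-Z]", fragment) is not None


def render_entry(name: str, email: str, website: str, sanitizer) -> str:
    """Render one guestbook entry with `sanitizer` applied to every
    user-controlled field (constructed template, not the product's own)."""
    return (
        f"<p><b>{sanitizer(name)}</b> "
        f"&lt;{sanitizer(email)}&gt; "
        f"{sanitizer(website)}</p>"
    )


if __name__ == "__main__":
    for label, sanitizer in (("blacklist", blacklist_filter), ("escape", escape_for_html)):
        out = render_entry(IMG_INPUT, PLAIN_INPUT, "example.test", sanitizer)
        print(f"{label:9s} tag survives={contains_tag(sanitizer(IMG_INPUT))!s:5s} {out}")
```

Run it and the blacklist row still carries a live `<IMG` element while the escape row shows only entities; `contains_tag` applied to a sanitizer's output makes a one-line unit test for any field the guestbook echoes back.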
