Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13036
HistoryJun 08, 2006 - 12:00 a.m.

PBL Guestbook v1.31 - XSS

2006-06-0800:00:00
vulners.com
20

PBLGuestbook v1.31

Homepage:
http://www.pixelatedbylev.com/

Effected files:
input boxes of the guestbook.

XSS Vulnerabilities PoC:

I noticed that common tags like <script> are filtered into the words "SCRIPT BLOCKED" in this
guestbook, however img tags as well as others go unfiltered in the Name, Email,and Website boxes. In
turn, this could cause an XSS

attack to occur. For PoC just enter: <IMG SRC=javascript:alert('XSS')> in any of these boxes.