Computer Security

Security Advisory: phazizGuestbook v2.0 - XSS
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [Full-disclosure] ASPListPics

  [Kil13r-SA-20060609-
3] DreamWiz Search Cross-Site Scripting Vulnerability

  [Kil13r-SA-20060609-
2] DaNaWa Search Cross-Site Scripting Vulnerability

  [Kil13r-SA-20060609-
1] Daum Search Cross-Site Scripting Vulnerability

From:luny_(at)_youfucktard.com <luny_(at)_youfucktard.com>
Date:10.06.2006
Subject:phazizGuestbook v2.0 - XSS

phazizGuestbook v2.0


Homepage:
http://www.devhome.de/#english_version

Effected files:
input boxes of name, email, url, text.

XSS Vulnerability:
None of these input boxes sanatize user input before generating it. for PoC put <IMG
SRC=javascript:alert(�XSS')> in any of the above boxes.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru