Computer Security

Security Advisory: [eVuln] Doika guestbook 'page' XSS Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SA21883] emuCMS "query" and "page" Cross-Site Scripting Vulnerabilities

  phpQuiz v0.01 design and coding byJule Slootbeek (pagename) Remote File Inclusion

  Mambo com_serverstat Component <=0.4.4 Remote File Include Vulnerability

  Magic News Pro => 1.0.3 (script_path)
Remote File Inclusion Exploit

From:Aliaksandr Hartsuyeu <alex_(at)_evuln.com>
Date:14.09.2006
Subject:[eVuln] Doika guestbook 'page' XSS Vulnerability

New eVuln Advisory:
Doika guestbook 'page' XSS Vulnerability
http://evuln.com/vulns/134/summary.html

--------------------Summary----------------
eVuln ID: EV0134
CVE: CVE-2006-4325
Software: Doika guestbook
Sowtware's Web Site: http://doika.net/
Versions: 2.5
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Cross-Site Scripting.

Vulnerable Script: gbook.php

Parameter page is not properly sanitized. This can be used to post
arbitrary HTML or web script code.


--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/134/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)


Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru