Computer Security
[EN] securityvulns.ru

From: seko_(at)_se-ko.info <seko_(at)_se-ko.info>
Date: 24.04.2007
Subject: Big Blue Guestbook HTML Injection Vulnerabilities

Hi friends,


Big Blue Guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the guestbook entry submission form.

Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This could allow for theft of cookie-based authentications or other attacks, such as those which misrepresent guestbook content.

vendor : http://www.ben-barnett.com/guestbook.php
download : http://www.ben-barnett.com/BigBlueGuestbook.zip

Thnx: www.starhack.org // CaRaMeL
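
The advisory includes no code. As an added example (hypothetical PHP, not taken from Big Blue Guestbook or from the advisory), the block below puts the unencoded rendering pattern behind persistent HTML injection in a message field next to an output-encoded version, plus a check for entries that were already stored with markup. The function names, array keys and sample entries are constructed for illustration.

```php
<?php
// Added illustration: hypothetical rendering code, not Big Blue Guestbook's source.

// Vulnerable pattern: the stored message is concatenated into the page as-is,
// so any markup a visitor submitted becomes part of the document for every reader.
function render_entry_unsafe(array $entry): string
{
    return '<div class="entry"><b>' . $entry['name'] . '</b><p>'
         . $entry['message'] . '</p></div>';
}

// Encode a visitor-supplied value for the HTML context at output time.
// ENT_QUOTES also encodes ' and " so the value is safe inside attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every visitor-supplied field is encoded before output.
function render_entry_safe(array $entry): string
{
    // nl2br() runs after encoding, so the <br /> it adds is the only real markup.
    return '<div class="entry"><b>' . h($entry['name']) . '</b><p>'
         . nl2br(h($entry['message'])) . '</p></div>';
}

// The injection is persistent, so entries stored before the fix need review.
// Flags any entry whose name or message changes when tags are stripped.
function entries_with_markup(array $entries): array
{
    return array_filter($entries, function (array $e): bool {
        return strip_tags($e['message']) !== $e['message']
            || strip_tags($e['name']) !== $e['name'];
    });
}

// Constructed sample data: one plain entry, one carrying markup in the message.
$entries = [
    ['name' => 'alice', 'message' => "Great site!\nSee you soon."],
    ['name' => 'visitor', 'message' => "Hello <script>document.title='x'</script>"],
];

foreach ($entries as $entry) {
    echo "unsafe: ", render_entry_unsafe($entry), "\n";
    echo "safe:   ", render_entry_safe($entry), "\n";
}
echo count(entries_with_markup($entries)), " stored entry needs review\n";
```

Encoding belongs at output rather than at submission time, so entries already in storage are neutralised as well and the stored text stays intact for review.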
