@lex Guestbook Multi Vulnerability

vendor:

@lex Guestbook

by:

LionTurk

7,5

CVSS

HIGH

XSS

CWE

Product Name: @lex Guestbook

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

@lex Guestbook Multi Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'seeMess' parameter to '/index.php' script. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable website. Also, the setup.php script is accessible without authentication, which can be used to gain administrative access.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to dynamically generate web content.

Source

Exploit-DB raw data:

==============================================================================  

                      _      _       _          _      _   _  

                     / \    | |     | |        / \    | | | |  

                    / _ \   | |     | |       / _ \   | |_| |  

                   / ___ \  | |___  | |___   / ___ \  |  _  |  

                  /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|  

   

   

==============================================================================  

        [»] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi

==============================================================================  

        [»]  @lex Guestbook Multi Vulnerability 

==============================================================================  

   

    [»] Script:             [  @lex Guestbook  ]  

    [»] Language:           [ PHP ]  

    [»] Download:           [ http://scripti.org/script_lex-guestbook_614_26.html] 

    [»] Founder:            [ LionTurk -  Bylionturk@kafam1milyon.com & LionTurk.Turkblog.com }

    [»] My Home:            [ RevengeHack.com and Ar-ge.Org ]  

    [»]N0T3    :             Yeni Aciklarimi Bekleyin.


###########################################################################  

   

===[ Exploit And Dork  ]===  

   

  [»] http://server/[dizin]/index.php?lang=english&skin=&debut=0&seeAdd=1&seeNotes=&seeMess=[XSS-Vuln] 
  [»] http://server/[dizin]/setup.php


 


  [»] Powered by @lex Guestbook © - Note to spammers
 




Author:  LionTurk <-  

Bizim Asiret: eXceptioN,CodeInside,CristaL1o,Hack3ra,eXtReMe,By_HKC,TerrorZveng

                 

- Ben Ne Heykirlar Gordum  site heyklicek exploiti yok.Ben Ne exploitler gordum kullancak heykir yok :D
            Kisisel Blogum:LionTurk.Turkblog.com

                                 


###########################################################################