Vendor: Winn Guestbook
By: indoushka
CVSS: 7.5 (HIGH)
XSS
CWE: 79
Product Name: Winn Guestbook
Affected Version From: 2.4
Affected Version To: 2.4
Patch Exists: NO
Related CWE: N/A
CPE: a:winn.ws:winn_guestbook:2.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 French V.(Pnx2 2.0) + Linux French v.(9.4 Ubuntu)
2020
© Winn Guestbook V2.4, Winn.ws Cross Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability was discovered in Winn Guestbook V2.4 (Winn.ws). An attacker can inject JavaScript into the vulnerable parameter of the application; the injected script executes in the victim's browser when the page is loaded.
Mitigation:
Use input validation so that injected script is not executed. The application should also be configured to send a Content Security Policy (CSP) that blocks execution of injected script.