CuteGuestbook is susceptible to cross site scripting attacks.
02b73543425bd93a8ea0cef739a024abdf91289a44c374148431fbf3f71ed1b5------------------------------------------------------------------
- Cute Guestbook Remote XSS Exploit -
-= http://colander.altervista.org/advisory/CuteGuestbook.txt =-
------------------------------------------------------------------
-= Cute Guestbook =-
Omnipresent
May 04, 2006
Vunerability(s):
----------------
XSS Exploit
Product:
--------
Cute Guestbook
Vendor:
--------
http://www.scriptsez.net/index.php?action=detail&id=1086399301
Description of product:
-----------------------
PHP based guestbook requires no configuration and no database. Features: Bad words filter, number of messages per page,
total messages to keep in record, emoticons with comments and much more.
Platform(s): linux, windows
Date Added: Jun 5, 2004
Last Updated: Feb 11, 2006
Author: Scriptsez Inc.
Vulnerability / Exploit:
------------------------
The applications Cute Guestbook is vulnerable to an XSS (Cross-Site Scripting) Attack.
PoC / Proof of Concept:
-----------------------
An attacker can go to this URL:
http://www.victim_host/[path]/guestbook.php?action=sign
or
http://www.victim_host/[path]/guestbook.php
and then click on:
Click here to sign our Guestbook
Then insert in the field Name the Nick and in the field Comments put XSS like:
<script>alert("You are vulnerabile to XSS")</script>
Additional Informations:
------------------------
google dorks: "Powered By:Cute Guestbook"
Vendor Status
-------------
Not informed!
Credits:
--------
omnipresent
omnipresent@email.it
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed