|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Sakki's guestbook V.1.01 script injection vulnerability.
From: drG4njubas (drG4nj
mail.ru)
Date: Thu Apr 03 2003 - 08:05:22 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This advisory can be found at www.blacktigerz.org.
Description:
Easy to manage and configure asp powered guestbook.
Works with MS Access database or without it.
Vendor:
http://www.sakki.net
Vulnerability:
gb.asp neglects filtering user input allowing for script injection to
the guestbook via
"name" , "city/state" and "own url" fields. The injected script will be
executed in anyones
browser who visits the guestbook.
____________________________
Best Regards, drG4njubas
Black Tigerz Research Group
http://www.blacktigerz.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]