|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
AspJar guestbook script injection vulnerability.
From: drG4njubas (drG4nj
mail.ru)
Date: Fri Apr 04 2003 - 08:00:59 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This advisory and other useful files
can be found at www.blcktigerz.org
Subject:
AspJar guestbook script injection vulnerability.
Description:
Free Advanced ASP Guestbook Script
Vendor:
http://www.aspjar.com
Vulnerability:
guest.asp neglects filtering user input allowing
for script injection to the guestbook via "URL"
field. The injected script will be executed in
anyones browser who visits the guestbook.
____________________________
Best Regards, drG4njubas
Black Tigerz Research Group
http://www.blacktigerz.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]