|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
XSS vulnerability in guestbook-php-script
From: Micha Borrmann (borrmann
syss.de)
Date: Mon Feb 13 2006 - 10:30:39 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------
SySS-Advisory: XSS-vulnerability in guestbook-php-script
- -------------------------------------------------------------------
Problem discovered: February 3d 2006
Vendor contacted: February 7th 2006
Advisory published: February 13th 2006
AUTHOR: Micha Borrmann (borrmannsyss.de)
SySS GmbH
D-72070 Tuebingen / Germany
APPLICATION: gastbuch
AFFECTED VERSION: all < 1.3.3 (1.3.2 tested)
Remotely exploitable: Yes
SEVERITY: Medium
DESCRIPTION:
The guestbook software published on http://www.php4scripte.de/gast.php
allows HTML- and javascriptcode to be injected in the "URL"-field.
EXAMPLE:
http://www.site.com/"<script>alert(123)</script>"
VENDOR STATUS: The vendor published a fixed version (1.3.3) on
http://www.php4scripte.de
less than five hours after the problem was reported.
-----BEGIN PGP SIGNATURE-----
iD8DBQFD8LQv5r2byszldyARAl9IAJ9n+jrUZnCExYy2B+Gc3nbDZ7h6EQCfYi4q
sPY/y7iexfBvUzOoq69DnuQ=
=XMsJ
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]