Big Blue Guestbook HTML Injection Vulnerabilities

sekose-ko.info
Date: Mon Apr 23 2007 - 06:05:23 CDT


Hi friends,

Big Blue Guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the guestbook entry submission form.

Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This could allow for theft of cookie-based authentications or other attacks, such as those which misrepresent guestbook content.

vendor : http://www.ben-barnett.com/guestbook.php
download : http://www.ben-barnett.com/BigBlueGuestbook.zip

Thnx: www.starhack.org // CaRaMeL
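
Added example, not part of the original post and not Big Blue Guestbook's own code: a generic PHP guestbook renderer showing the unencoded output pattern behind this class of issue next to a hardened form. All function names, the entry layout and the sample entries are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical guestbook rendering code (assumption: entries are stored as
// name/message strings and echoed into an HTML page).

// Constructed sample entries, as they might sit in storage after submission.
$entries = [
    ['name' => 'Alice', 'message' => "Nice site!\nSee you soon."],
    ['name' => 'Bob',   'message' => 'Hello <b>world</b> & "friends"'],
];

// Pattern that produces the issue: stored text is written into the page
// unchanged, so markup in the message becomes part of the document that
// every later visitor loads. Shown for comparison only; not called below.
function render_entry_unsafe(array $e): string
{
    return '<div class="entry"><h3>' . $e['name'] . '</h3><p>'
         . $e['message'] . '</p></div>';
}

// Hardened form: encode for the HTML context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_entry_safe(array $e): string
{
    // nl2br() runs after encoding, so the only tags emitted are our own <br>.
    return '<div class="entry"><h3>' . h($e['name']) . '</h3><p>'
         . nl2br(h($e['message'])) . '</p></div>';
}

// Defence in depth for the cookie-theft impact: keep the session cookie
// away from script, and disallow inline script via CSP.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
header('Content-Type: text/html; charset=UTF-8');
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

foreach ($entries as $e) {
    // Bob's entry is emitted as visible text:
    // Hello &lt;b&gt;world&lt;/b&gt; &amp; &quot;friends&quot;
    echo render_entry_safe($e), "\n";
}
```

Encoding belongs at output rather than at submission time, so entries already stored before the fix are rendered safely as well.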