BugTraq
XSS vulnerability in guestbook-php-script
Feb 13 2006 04:30PM
Micha Borrmann (borrmann syss de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------
SySS-Advisory: XSS-vulnerability in guestbook-php-script
- -------------------------------------------------------------------
Problem discovered: February 3d 2006
Vendor contacted: February 7th 2006
Advisory published: February 13th 2006
AUTHOR: Micha Borrmann (borrmann (at) syss (dot) de [email concealed])
SySS GmbH
D-72070 Tuebingen / Germany
APPLICATION: gastbuch
AFFECTED VERSION: all < 1.3.3 (1.3.2 tested)
Remotely exploitable: Yes
SEVERITY: Medium
DESCRIPTION:
The guestbook software published on http://www.php4scripte.de/gast.php
allows HTML and JavaScript code to be injected in the "URL" field.
EXAMPLE:
http://www.site.com/"<script>alert(123)</script>"
VENDOR STATUS: The vendor published a fixed version (1.3.3) on
http://www.php4scripte.de
less than five hours after the problem was reported.
-----BEGIN PGP SIGNATURE-----
iD8DBQFD8LQv5r2byszldyARAl9IAJ9n+jrUZnCExYy2B+Gc3nbDZ7h6EQCfYi4q
sPY/y7iexfBvUzOoq69DnuQ=
=XMsJ
-----END PGP SIGNATURE-----
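Added example, not part of the advisory and not the vendor's 1.3.3 fix or any gastbuch code: a PHP sketch of the flaw class described above, an unencoded guestbook "URL" field, next to a hardened form that validates on input and encodes on output. It assumes the field is rendered inside an href attribute; all function names are hypothetical and the sample inputs are constructed.

```php
<?php
// Added illustration; not code from gastbuch or from the vendor's 1.3.3 fix.
// All function names below are hypothetical.

// Vulnerable pattern: the visitor-supplied URL is written into the page as-is,
// so a double quote ends the href attribute and what follows is parsed as HTML.
function render_entry_unsafe(string $name, string $url): string
{
    return '<a href="' . $url . '">' . $name . '</a>';
}

// Accept only absolute http/https URLs with a host; return null otherwise.
function normalize_guest_url(string $url): ?string
{
    $url = trim($url);
    if ($url === '' || strlen($url) > 2048 || preg_match('/[\x00-\x20\x7f"<>]/', $url)) {
        return null; // empty, oversized, or contains characters a URL must not carry raw
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Hardened pattern: validate on input, HTML-encode on output.
function render_entry_safe(string $name, string $url): string
{
    $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $checked  = normalize_guest_url($url);
    if ($checked === null) {
        return $safeName; // show the entry without a link
    }
    $href = htmlspecialchars($checked, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" rel="nofollow noopener">' . $safeName . '</a>';
}

// Constructed sample input: the example value from the advisory and a benign URL.
$samples = [
    'http://www.site.com/"<script>alert(123)</script>"',
    'http://www.example.org/page?a=1&b=2',
];
foreach ($samples as $u) {
    echo "unsafe: ", render_entry_unsafe('Guest', $u), "\n";
    echo "safe:   ", render_entry_safe('Guest', $u), "\n";
}
```

The scheme allow-list matters independently of the encoding step: an HTML-encoded javascript: URL would still be a working link, so both checks are needed.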
Copyright 2009, SecurityFocus