MJGuest 6.8 GT Cross Site Scripting Vulnerability
Jul 29 2008 08:33PM
irancrash gmail com
----------------------------------------------------------------
Script : MJGuest 6.8 GT
Type : Cross Site Scripting Vulnerability
Alert : Medium
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Our Team : IRCRASH
My Official Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
----------------------------------------------------------------
Khashayar Fereidani Official Website : HTTP://FEREIDANI.IR
----------------------------------------------------------------
Script Download : http://www.mdsjack.bo.it/files/mjguest_6.8gt.zip
----------------------------------------------------------------
XSS Vulnerability :
Invalid Code : ./guestbook.js.php => document.write('<a href="javascript:guestbook()">' + '<?php echo $_GET['link']?>' + '</a>');
Vulnerable variable : link
Address : http://Example/guestbook.js.php?link=[XSS]
Solution : Filter link variable with htmlspecialchars() function.
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
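Added example, not part of the original post and not MJGuest's own code: the `link` value in guestbook.js.php lands inside a single-quoted JavaScript string that is then written out as HTML, so a hardened version encodes for both contexts. Before PHP 8.1, htmlspecialchars() with default flags leaves single quotes unencoded, and it never escapes backslashes or newlines. The helper name `render_link_js`, the default label and the sample string are assumptions made for illustration.

```php
<?php
// Added example. render_link_js() is a hypothetical helper, not a function
// that exists in MJGuest.

/**
 * Build the document.write() line from guestbook.js.php with the link text
 * encoded for both contexts it passes through.
 */
function render_link_js(string $link): string
{
    // 1. The text ends up as HTML via document.write(): HTML-encode it first.
    //    ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces
    //    invalid UTF-8 instead of returning an empty string.
    $html = htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Emit it as a JavaScript string literal. json_encode() supplies the
    //    surrounding quotes and escapes backslashes and newlines; the
    //    JSON_HEX_* flags turn < > & ' " into \uXXXX escapes as well.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $js = json_encode($html, $flags);
    if ($js === false) {
        $js = '""'; // encoding failed: fall back to an empty label
    }

    return 'document.write(\'<a href="javascript:guestbook()">\' + '
        . $js . ' + \'</a>\');';
}

// Serve the response as JavaScript when running under a web server.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
}

// Constructed sample input containing the characters that matter here:
// single quote, angle brackets, backslash, double quote and a newline.
$sample = "Sign the guest's <book> \\ \"now\"\n";

// Use the request parameter when present, the sample otherwise.
$link = isset($_GET['link']) && is_string($_GET['link']) ? $_GET['link'] : $sample;

echo render_link_js($link), "\n";
```

Run from the command line, the script prints the generated line for the constructed sample; none of the sample's quote, bracket, backslash or newline characters appear raw inside the emitted string literal.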
Copyright 2009, SecurityFocus