html Guest Gear May 27 2006 08:43AM
pieisgdvgd hotmail co uk
htmls guest gear (all pages that look like this http://htmlgear.tripod.com/guest/control.guest?a=sign) has an exploit where you can inject html and javascript into there guestbook by doing the following

<br iframe src=javascript:alert("hi")>></br>

you can put any html or javascript in there. you can find vunrable page by doing the following google search

site:http://htmlgear.tripod.com/guest/control.guest?a=sign

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus