Vulnerability:
guest.asp neglects filtering user input allowing
for script injection to the guestbook via "URL"
field. The injected script will be executed in
anyones browser who visits the guestbook.
____________________________
Best Regards, drG4njubas
Black Tigerz Research Group
http://www.blacktigerz.org
can be found at www.blcktigerz.org
Subject:
AspJar guestbook script injection vulnerability.
Description:
Free Advanced ASP Guestbook Script
Vendor:
http://www.aspjar.com
Vulnerability:
guest.asp neglects filtering user input allowing
for script injection to the guestbook via "URL"
field. The injected script will be executed in
anyones browser who visits the guestbook.
____________________________
Best Regards, drG4njubas
Black Tigerz Research Group
http://www.blacktigerz.org
[ reply ]