I noticed that common tags like <script> are filtered into the words "SCRIPT BLOCKED" in this guestbook, however img tags as well as others go unfiltered in the Name, Email,and Website boxes. In turn, this could cause an XSS
attack to occur. For PoC just enter: <IMG SRC=javascript:alert('XSS')> in any of these boxes.
Homepage:
http://www.pixelatedbylev.com/
Effected files:
input boxes of the guestbook.
XSS Vulnerabilities PoC:
I noticed that common tags like <script> are filtered into the words "SCRIPT BLOCKED" in this guestbook, however img tags as well as others go unfiltered in the Name, Email,and Website boxes. In turn, this could cause an XSS
attack to occur. For PoC just enter: <IMG SRC=javascript:alert('XSS')> in any of these boxes.
[ reply ]