[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GuestbookXL 1.3

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: GuestbookXL 1.3
From: luny@xxxxxxxxxxxxxxx
Date: 24 May 2006 07:36:40 -0000

GuestbookXL 1.3
Homepage:
http://phpscripts.byethost12.com/guestbook.php

Description:
This simple guestbook makes it possible to store messages from users. It stores 
the name, Email address (when given) as a mailto link and the message itself. 
It has 30 smileys at this moment, but other smileys are easilly added to this 
collection. It uses a simple CSS stylesheet which is easily modified to your 
own needs. It renders a valid HTML 4.01 STRICT guestbook with valid CSS2 Latest 
change 1: advanced linebreaking on long words Latest change 2: advanced smiley 
code breaking Latest change 3: no scripts (PHP or Javascript) can be posted in 
guestbook by visitor.

Effected files:
guestwrite.php
guestbook.php

Exploits & Vulns:
This script may say it doesnt allow php or javascript, however image tags 
amongst others areallowed. The input forms on this guestbook don't sanatize 
user input correctly before generating it dynamically.

Example:
Put <IMG SRC=javascript:alert(&quot;XSS&quot;)> in as your comment

Prev by Date: [USN-286-1] Dia vulnerabilities
Next by Date: Re: Circumventing quarantine control in Windows 2003 and ISA 2004
Previous by thread: [USN-286-1] Dia vulnerabilities
Next by thread: CMS Mundo V1.0
Index(es):
- Date
- Thread