Sethi Family Guestbook 3.1.8 Cross Site Scripting

Sethi Family Guestbook 3.1.8 Cross Site Scripting: Posted Apr 27, 2010; Authored by Valentin Hoebel; Sethi Family Guestbook version 3.1.8 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | b4379f6d45c3919e162bf7599ba7572e49b922158191323f2e2aa14c9bc31834; Download | Favorite | View

Sethi Family Guestbook 3.1.8 Cross Site Scripting

# Exploit Title: Sethi Family Guestbook XSS Vulnerabilities
# Date: 24.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: 3.1.8
# Tested on: 
# CVE :  
# Code : 


[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information 
Advisory/Exploit Title = Sethi Family Guestbook XSS Vulnerabilities
Author = Valentin Hoebel
Contact = valentin@xenuser.org


[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = Sethi Family Guestbook
Vendor = Sethi
Vendor Website = http://www.sethi.org/
Affected Version(s) = 3.1.8

 
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
Type = XSS
Example URI = index.php?start=XX&number=~~XSS~~&bg=XX&f=XX

>> #2 Vulnerability
Type = XSS
Injecting HTML/JavaScript in normal guestbook entries is possible, e.g. try
<iframe> and <script> tags.


[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 24.04.2010


[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
<3 packetstormsecurity.org!


[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Sethi Family Guestbook 3.1.8 Cross Site Scripting

Sethi Family Guestbook 3.1.8 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Sethi Family Guestbook 3.1.8 Cross Site Scripting

Share This

Sethi Family Guestbook 3.1.8 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems