- Cute Guestbook Remote XSS Exploit -
-= Cute Guestbook =-
Omnipresent
May 04, 2006
XSS Exploit
Cute Guestbook
http://www.scriptsez.net/index.php?action=detail&id=1086399301
PHP based guestbook requires no configuration and no database. Features: Bad words filter, number of messages per page,
total messages to keep in record, emoticons with comments and much more.
Platform(s): linux, windows
Date Added: Jun 5, 2004
Last Updated: Feb 11, 2006
Author: Scriptsez Inc.
The applications Cute Guestbook is vulnerable to an XSS (Cross-Site Scripting) Attack.
An attacker can go to this URL:
http://www.victim_host/[path]/guestbook.php?action=sign
or
http://www.victim_host/[path]/guestbook.php
and then click on:
Click here to sign our Guestbook
Then insert in the field Name the Nick and in the field Comments put XSS like:
<script>alert("You are vulnerabile to XSS")</script>
google dorks: "Powered By:Cute Guestbook"
Not informed!
omnipresent
[email protected]