Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12540
HistoryMay 05, 2006 - 12:00 a.m.

Cute Guestbook Remote XSS Exploit

2006-05-0500:00:00
vulners.com
10
JSON
      - Cute Guestbook Remote XSS Exploit -

-= http://colander.altervista.org/advisory/CuteGuestbook.txt =-

		-= Cute Guestbook =-

Omnipresent
May 04, 2006

Vunerability(s):

XSS Exploit

Product:

Cute Guestbook

Vendor:

http://www.scriptsez.net/index.php?action=detail&id=1086399301

Description of product:

PHP based guestbook requires no configuration and no database. Features: Bad words filter, number of messages per page,
total messages to keep in record, emoticons with comments and much more.

Platform(s): linux, windows
Date Added: Jun 5, 2004
Last Updated: Feb 11, 2006
Author: Scriptsez Inc.

Vulnerability / Exploit:

The applications Cute Guestbook is vulnerable to an XSS (Cross-Site Scripting) Attack.

PoC / Proof of Concept:

An attacker can go to this URL:

http://www.victim_host/[path]/guestbook.php?action=sign

or

http://www.victim_host/[path]/guestbook.php

and then click on:

Click here to sign our Guestbook

Then insert in the field Name the Nick and in the field Comments put XSS like:
<script>alert("You are vulnerabile to XSS")</script>

Additional Informations:

google dorks: "Powered By:Cute Guestbook"

Vendor Status

Not informed!

Credits:

omnipresent
[email protected]

JSON