Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12758
HistoryMay 23, 2006 - 12:00 a.m.

Hiox Guestbook 3.1

2006-05-2300:00:00
vulners.com
8
JSON

Hiox Guestbook 3.1

Homepage:
http://hscripts.com/scripts/php/gb.php

Description
A free guest book script that can be added in to any html website with php.

Effected files:

index.php

Exploit:

The input forms for signing the guestbook arent sanatized properally. This could lead users to insert malicious code causing
XSS.

It should also be noted that this gb uses a flatfile gb.txt to store its info in, and has to be chmodded to 777. There isn't
method of obscuring email addresses in this gb script either.

JSON