securityvulns: SECURITYVULNS:DOC:12916
History: Jun 01, 2006 - 12:00 a.m.

Techno Dreams GuestBook Remote XSS Exploit


      -  Techno Dreams GuestBook Remote XSS Exploit -

-= http://colander.altervista.org/advisory/TDGuestBook.txt =-

  -= Techno Dreams GuestBook Latest Version =-

Omnipresent
May 04, 2006

Vulnerability(s):

XSS Exploit

Product:

Techno Dreams GuestBook Latest Version

Vendor:

http://www.t-dreams.com/

Description of product:

A free ready to use Guest Book ASP script. It uses MS Access with ability to be upgraded into SQL.
Now, we've added an Admin Area for the script (not in the demo). Special thanks to Victor Hugo Sosa Esquivel for the
Spanish Translation.

Vulnerability / Exploit:

The application is vulnerable to an XSS (Cross-Site Scripting) Attack.

PoC / Proof of Concept:

If the poster enters the following script in the *comments: field (after clicking on Sign Our GuestBook):

<script>alert("You are vulnerabile to XSS")</script>

When a user goes to see the blog, he receives the message "You are vulnerabile to XSS".
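
The behaviour described above is stored XSS: the comment is saved and later written into the page without output encoding. The following is an added example, not code from the advisory or from the product; it models the guestbook page in Python with constructed entries and hypothetical function names, showing the unencoded rendering beside an encoded one and a regression check a maintainer could run.

```python
# Added illustration: a minimal model of a guestbook page, not the product's ASP code.
import html

# Constructed sample entries; the second carries the PoC string from the advisory.
ENTRIES = [
    {"name": "alice", "comments": "Nice site!"},
    {"name": "poc", "comments": '<script>alert("You are vulnerabile to XSS")</script>'},
]

ROW = "<li><b>%s</b>: %s</li>"


def render_vulnerable(entries):
    """Writes stored fields into the page verbatim, so markup in a comment executes."""
    rows = [ROW % (e["name"], e["comments"]) for e in entries]
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


def render_encoded(entries):
    """HTML-encodes every stored field at output time, so markup is shown as text."""
    rows = [
        ROW % (html.escape(e["name"], quote=True),
               html.escape(e["comments"], quote=True))
        for e in entries
    ]
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


def stored_markup_survives(page, entries):
    """Regression check: True if any stored value containing '<' appears unencoded."""
    values = [v for e in entries for v in e.values()]
    return any("<" in v and v in page for v in values)


if __name__ == "__main__":
    for render in (render_vulnerable, render_encoded):
        page = render(ENTRIES)
        print(render.__name__, "-> raw markup in page:",
              stored_markup_survives(page, ENTRIES))
```

In classic ASP the corresponding output-time encoding is Server.HTMLEncode, applied to each stored field when the guestbook page is written.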

Vendor Status

Not Informed!

Credits:

omnipresent
[email protected]