by r0t, der4444, cembo, VietMafia

Saturday, April 15, 2006

PhpGuestbook v1.0 Script Insertion Vulnerability

###############################################
Vuln. discovered by: r0t
Date: 15 April 2006
Vendor: Dubelu
Vendor link: http://www.dubelu.com/
Affected versions: PhpGuestbook v1.0 and previous
###############################################

Vuln. Description:

Input passed to the "Name", "Website" and "Comment" field parameters in "PhpGuestbook.php" is not properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in the context of the affected site when the malicious user data is viewed.


###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
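
One way to apply this fix, as an added example that is not PhpGuestbook's own code: the function names and the entry array layout are assumptions, and only the field names "Name", "Website" and "Comment" come from the advisory. Each field is HTML-encoded at output time, and the Website value is additionally restricted to http/https URLs, because encoding alone does not make an arbitrary URL scheme safe inside a link.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers, not taken from PhpGuestbook.php.

/** Encode untrusted text for an HTML body or a quoted attribute value. */
function gb_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the URL only if it is a well-formed http(s) URL, otherwise null. */
function gb_safe_url(string $url): ?string
{
    $url = trim($url);
    if ($url === '' || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // FILTER_VALIDATE_URL accepts other schemes too, so allowlist explicitly.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

/** Render one guestbook entry; every field is encoded where it is printed. */
function gb_render_entry(array $entry): string
{
    $name    = gb_html((string) ($entry['Name'] ?? ''));
    $comment = nl2br(gb_html((string) ($entry['Comment'] ?? '')));
    $url     = gb_safe_url((string) ($entry['Website'] ?? ''));

    // Link the author name only when the Website value passed validation.
    $author = $url === null
        ? $name
        : '<a href="' . gb_html($url) . '" rel="nofollow noopener">' . $name . '</a>';

    return "<div class=\"entry\"><strong>{$author}</strong><p>{$comment}</p></div>\n";
}

// Constructed sample entry: markup in two fields, a non-http scheme in the third.
$sample = [
    'Name'    => '<b>guest</b>',
    'Website' => 'javascript:void(0)',
    'Comment' => "Nice site <i>really</i>\nsecond line",
];
echo gb_render_entry($sample);
```

With the sample entry, the tags are displayed as literal text and the author name is rendered without a link, since the Website value is rejected.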
###############################################
More information @ unsecured-systems.com/forum/

Copyright (c) 2006 Pridels Sec Crew