Hiox Guestbook 3.1

2006.05.24
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hiox Guestbook 3.1 Homepage: http://hscripts.com/scripts/php/gb.php Description A free guest book script that can be added in to any html website with php. Effected files: index.php Exploit: The input forms for signing the guestbook arent sanatized properally. This could lead users to insert malicious code causing XSS. It should also be noted that this gb uses a flatfile gb.txt to store its info in, and has to be chmodded to 777. There isn't method of obscuring email addresses in this gb script either.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top