
PBL Guestbook v1.31 - XSS



PBLGuestbook v1.31

Homepage:
http://www.pixelatedbylev.com/

Affected files:
input boxes of the guestbook.

XSS Vulnerabilities PoC:

I noticed that common tags like <script> are filtered into the words "SCRIPT 
BLOCKED" in this guestbook; however, img tags as well as others go unfiltered in 
the Name, Email, and Website boxes. In turn, this could cause an XSS attack to 
occur. For PoC just enter: <IMG SRC=javascript:alert('XSS')> in any of these 
boxes.
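
The filtering gap described above, as an added example that is not part of the original post or the guestbook's own code. `blocklist_filter` is a constructed stand-in for the guestbook's filter (its real implementation is not shown here), and all function names are hypothetical; the hardened side encodes on output and restricts the Website field to http/https.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed stand-in for the filter the post describes: it rewrites
# <script> tags to "SCRIPT BLOCKED" and passes every other tag through.
def blocklist_filter(value: str) -> str:
    return re.sub(r"</?script[^>]*>", "SCRIPT BLOCKED", value, flags=re.IGNORECASE)

# Hardened handling: encode on output so no submitted markup is ever
# interpreted by the browser, whatever tag or attribute it uses.
def encode_field(value: str) -> str:
    return html.escape(value, quote=True)

# The Website box ends up in a link, so also restrict the URL scheme.
def safe_website(value: str) -> str:
    value = value.strip()
    try:
        parts = urlsplit(value)
    except ValueError:
        return ""
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return ""
    return html.escape(value, quote=True)

# Build one guestbook entry from the three fields named in the post.
def render_entry(name: str, email: str, website: str) -> str:
    link = safe_website(website)
    site = f'<a href="{link}" rel="nofollow">{link}</a>' if link else ""
    return f"<p>{encode_field(name)} ({encode_field(email)}) {site}</p>"

if __name__ == "__main__":
    poc = "<IMG SRC=javascript:alert('XSS')>"  # the PoC string from the post
    print(blocklist_filter("<script>x</script>"))  # script tags are rewritten
    print(blocklist_filter(poc))                   # img tag passes unchanged
    print(render_entry(poc, "a@example.com", "javascript:alert(1)"))
```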