phazizGuestbook v2.0 - XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: phazizGuestbook v2.0 - XSS
From: luny@xxxxxxxxxxxxxxx
Date: 8 Jun 2006 21:49:05 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

phazizGuestbook v2.0


Homepage:
http://www.devhome.de/#english_version

Effected files:
input boxes of name, email, url, text.

XSS Vulnerability:
None of these input boxes sanatize user input before generating it. for PoC put 
<IMG SRC=javascript:alert(&#00000XSS')> in any of the above boxes.

Prev by Date: iFoto v0.20-06/06/06
Next by Date: Re: PHP-Nuke <= 7.9 Search XSS Vulnerability
Previous by thread: Re: iFoto v0.20-06/06/06
Next by thread: [USN-293-1] gdm vulnerability
Index(es):
- Date
- Thread