Message-ID: <43F0B42F.8090905@syss.de>
Date: Mon, 13 Feb 2006 17:30:39 +0100
From: Micha Borrmann <borrmann@...s.de>
To: bugtraq@...urityfocus.com
Subject: XSS vulnerability in guestbook-php-script


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-------------------------------------------------------------------
SySS-Advisory: XSS-vulnerability in guestbook-php-script
-------------------------------------------------------------------

Problem discovered:     February 3rd  2006
Vendor contacted:       February 7th  2006
Advisory published:     February 13th 2006

AUTHOR: Micha Borrmann (borrmann@...s.de)
        SySS GmbH
        D-72070 Tuebingen / Germany

APPLICATION:            gastbuch
AFFECTED VERSION:       all < 1.3.3 (1.3.2 tested)

Remotely exploitable:   Yes

SEVERITY: Medium

DESCRIPTION:
The guestbook software published on http://www.php4scripte.de/gast.php
allows HTML and JavaScript code to be injected through the "URL" field:
the submitted value is written back into the guestbook page unescaped.

EXAMPLE:
http://www.site.com/"<script>alert(123)</script>"
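As an added illustration (this is not the gastbuch source, which is not
reproduced here), the following PHP contrasts the unsafe pattern behind
this class of bug with a hardened rendering of the URL field. It assumes
the field is echoed into an anchor tag; the function names are made up.

```php
<?php
// Added example, not code from the gastbuch project.

// Vulnerable pattern: the submitted URL is dropped straight into the markup,
// so a value containing a quote and a <script> tag is rendered as HTML.
function render_url_unsafe(string $url): string {
    return '<a href="' . $url . '">' . $url . '</a>';
}

// Validation step: accept only absolute http/https URLs with a host.
// This blocks javascript: and similar schemes; it does not try to
// strip markup, because escaping at output time handles that.
function safe_url(string $url): ?string {
    $url = trim($url);
    if ($url === '' || strlen($url) > 2048) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Hardened rendering: reject what does not validate, then HTML-escape
// (including quotes) before placing the value into an attribute or text.
function render_url_safe(string $url): string {
    $clean = safe_url($url);
    if ($clean === null) {
        return '';   // drop the field rather than "repair" the value
    }
    $esc = htmlspecialchars($clean, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $esc . '" rel="nofollow">' . $esc . '</a>';
}

// Constructed inputs: the advisory's own test string, a benign URL,
// and a non-http scheme that the allowlist rejects.
$inputs = [
    'http://www.site.com/"<script>alert(123)</script>"',
    'http://www.php4scripte.de',
    'javascript:alert(1)',
];
foreach ($inputs as $in) {
    echo "unsafe: " . render_url_unsafe($in) . "\n";
    echo "safe:   " . render_url_safe($in) . "\n";
}
```

For the advisory's test string the hardened version emits the value with
`"`, `<` and `>` encoded as `&quot;`, `&lt;` and `&gt;`, so the browser
shows it as text instead of executing it.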

VENDOR STATUS: The vendor published a fixed version (1.3.3) on
http://www.php4scripte.de
less than five hours after the problem was reported.

