Message-ID: <20070423110523.32079.qmail@securityfocus.com>
Date: 23 Apr 2007 11:05:23 -0000
From: seko@...ko.info
To: bugtraq@...urityfocus.com
Subject: Big Blue Guestbook HTML Injection Vulnerabilities

Hi friends, 


Big Blue Guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the guestbook entry submission form.

Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This could allow for theft of cookie-based authentications or other attacks, such as those which misrepresent guestbook content.

vendor : http://www.ben-barnett.com/guestbook.php
download : http://www.ben-barnett.com/BigBlueGuestbook.zip

Thnx: www.starhack.org // CaRaMeL
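
Added example, not part of the original post and not Big Blue Guestbook's own code: a hypothetical PHP guestbook renderer showing the weak pattern behind persistent HTML injection (stored message echoed as-is) beside the corrected one (every stored field encoded at output time), plus an HttpOnly session cookie to limit the cookie-theft impact. The function names, the entry layout and the sample entries are assumptions constructed for illustration.

```php
<?php
// Hypothetical guestbook rendering code (assumption; not the vendor's source).

// Constructed sample of stored entries; the second message carries markup.
$entries = [
    ['name' => 'alice',   'message' => "Nice site!\nSecond line."],
    ['name' => 'mallory', 'message' => '<b>bold</b><script>/* script */</script>'],
];

// Weak pattern: the stored message is concatenated into the page unchanged,
// so markup submitted once is served to every later visitor.
function render_entry_raw(array $e): string
{
    return '<div class="entry"><strong>' . $e['name'] . '</strong>: '
         . $e['message'] . '</div>';
}

// Encode for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Corrected pattern: encode every stored field when it is written to the page.
// nl2br() runs after encoding, so the only tags in the output are its own <br />.
function render_entry_encoded(array $e): string
{
    return '<div class="entry"><strong>' . h($e['name']) . '</strong>: '
         . nl2br(h($e['message'])) . '</div>';
}

// Defence in depth for the cookie-theft impact: keep the session cookie
// unreadable from page script. Must be set before session_start().
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);

foreach ($entries as $e) {
    // The second entry is emitted as visible text (&lt;b&gt;...), not as markup.
    echo render_entry_encoded($e), "\n";
}
```

Encoding at output time also neutralises entries that were stored before the fix, which input filtering alone would not.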
