Bugtraq mailing list archives

Re: Advanced Guestbook

From: Stewart Souter <webmaster () carbonize co uk>
Date: 22 Jan 2005 13:53:06 -0000

In-Reply-To: <8ea2ac2004120211406650777b () mail gmail com>

This exploit does not exist. I wish people would actually check their facts before crying wolf. Advanced guestbook 
2.3.1 already checks the URL as it is submitted. It uses the following if statement.

if (htmlspecialchars($this->url) != "$this->url") {
  $this->url = '';
}

which can be found in lib/add.entry.php.

regards,
Carbonize

Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
       s=beta; d=gmail.com;
       h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;
       
b=ZzuHyFaU5dWXZZZ6ks4DM8A7YxZdqOaW+R9+TGOJeGPg3nc7gK0eeTRqw3kIfp+WNs8gSpgvnDrdU+favNNKH8oxl/NKuuS4N2L96onsg9TbDzXZmnQSCmKbQxnOWLhv5EiLUStZIX5ZO+kq6QpKnftsFB76e1mqe12VGww+MEE=
Message-ID: <8ea2ac2004120211406650777b () mail gmail com>
Date: Thu, 2 Dec 2004 20:40:21 +0100
From: Emile van Elen <emile.van.elen () gmail com>
Reply-To: Emile van Elen <emile.van.elen () gmail com>
To: bugtraq () securityfocus com
Subject: Advanced Guestbook
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

There's a XSS in Advanced Guestbook 2.3.1

For example:

index.php?entry=&lt;script&gt;alert(document.cookie)&lt;/script&gt;


greetings,
-- 
Emile van Elen

Current thread:

Re: Advanced Guestbook Stewart Souter (Jan 22)