Bugtraq mailing list archives

phazizGuestbook v2.0 - XSS

From: luny () youfucktard com
Date: 8 Jun 2006 21:49:05 -0000

phazizGuestbook v2.0


Homepage:
http://www.devhome.de/#english_version

Effected files:
input boxes of name, email, url, text.

XSS Vulnerability:
None of these input boxes sanatize user input before generating it. for PoC put <IMG SRC=javascript:alert(&#00000XSS')> 
in any of the above boxes.

Current thread:

phazizGuestbook v2.0 - XSS luny (Jun 09)