Bugtraq mailing list archives
Big Blue Guestbook HTML Injection Vulnerabilities
From: seko () se-ko info
Date: 23 Apr 2007 11:05:23 -0000
Hi friends, Big Blue Guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the guestbook entry submission form. Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This could allow for theft of cookie-based authentications or other attacks, such as those which misrepresent guestbook content. vendor : http://www.ben-barnett.com/guestbook.php download : http://www.ben-barnett.com/BigBlueGuestbook.zip Thnx: www.starhack.org // CaRaMeL
Current thread:
- Big Blue Guestbook HTML Injection Vulnerabilities seko (Apr 23)