Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Tinyguestbook XSS

From: Henri Salo <henri () nerv fi>
Date: Tue, 3 Jan 2012 23:13:51 +0200
On Tue, Jan 03, 2012 at 08:13:32AM -0500, tom wrote:

# Exploit Title: Tinyguestbook XSS
# Date: 01/03/12
# Author: G13
# Software Link: http://code.google.com/p/tinyguestbook/
# Category: webapps (php)
#

##### Vulnerability #####

There is no sanitation on the input of the msg variable. This allows
malicious scripts to be added. This is a stored XSS

##### Vendor Notification #####

12/23/11 - Vendor Notified.
12/27/11 - Vendor email.
01/03/12 - No response, disclosure

##### Affected Variables #####

Msg=[XSS]

##### Exploit #####

The script can be added right in the page, there is no filtering of
input.


There is also SQL-injection vulnerability, which is not critical. I still reported it to the developer: 
http://code.google.com/p/tinyguestbook/issues/detail?id=3

- Henri Salo
Previous By Date Next
Previous By Thread Next

Current thread: