Bugtraq mailing list archives
Tinyguestbook XSS
From: tom <tom () g13net com>
Date: Tue, 03 Jan 2012 08:13:32 -0500
# Exploit Title: Tinyguestbook XSS
# Date: 01/03/12
# Author: G13
# Software Link: http://code.google.com/p/tinyguestbook/
# Category: webapps (php)
#

##### Vulnerability #####

There is no sanitization on the input of the msg variable. This allows malicious scripts to be added. This is a stored XSS.

##### Vendor Notification #####

12/23/11 - Vendor Notified.
12/27/11 - Vendor email.
01/03/12 - No response, disclosure

##### Affected Variables #####

Msg=[XSS]

##### Exploit #####

The script can be added right in the page; there is no filtering of input.
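
An added example, not part of the original post and not Tinyguestbook's code: the unfiltered rendering the advisory describes for `msg`, next to a rendering that encodes the stored value at output time. The function names, the entry array layout and the 2000-byte limit are assumptions made for the illustration.

```php
<?php
// Added illustration; not Tinyguestbook's code. Function names, the entry
// layout and the 2000-byte limit are assumptions made for this example.

// Validate on input: reject empty, oversized or non-UTF-8 messages,
// but store the accepted text unmodified (encoding happens at output).
function accept_msg(string $msg): ?string
{
    $msg = trim($msg);
    if ($msg === '' || strlen($msg) > 2000 || preg_match('//u', $msg) !== 1) {
        return null;
    }
    return $msg;
}

// Pattern the advisory describes: the stored msg is written into the page as-is,
// so any markup in it becomes part of the document for every visitor.
function render_entry_unfiltered(array $entry): string
{
    return '<p class="msg">' . $entry['msg'] . '</p>';
}

// Hardened form: encode for the HTML body context when rendering.
function render_entry_encoded(array $entry): string
{
    $safe = htmlspecialchars($entry['msg'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="msg">' . nl2br($safe, false) . '</p>';
}

// Constructed sample entries (not taken from the advisory).
$entries = [
    ['msg' => "Nice site!\nSee you soon."],
    ['msg' => '<script>/* constructed marker */</script> & "quotes"'],
];

foreach ($entries as $raw) {
    $msg = accept_msg($raw['msg']);
    if ($msg === null) {
        continue; // rejected at input validation
    }
    $entry = ['msg' => $msg];
    echo 'unfiltered: ', render_entry_unfiltered($entry), "\n";
    echo 'encoded:    ', render_entry_encoded($entry), "\n";
}
```

Because the value is stored, entries saved before such a fix are only neutralised if the encoding is applied when rendering, not only when saving.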