[3/5] Big Blue Guestbook “comments” Script Insertion
seko has discovered a vulnerability in Big Blue Guestbook, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "comments" parameter in signguestbook.php is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which can be executed in a user’s browser session in the context of an affected site when the guestbook is viewed.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
seko
Original post by kapil
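
One way to apply the fix the advisory recommends, shown as an added PHP example that is not Big Blue Guestbook's own code: the comment is validated when submitted and HTML-encoded when displayed. The function names, the length limit and the sample input are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handlers, not Big Blue Guestbook's actual code.
// Assumes the mbstring extension is available.
declare(strict_types=1);

const MAX_COMMENT_LEN = 2000; // assumed limit, not taken from the advisory

// Validate a submitted "comments" value. The raw text is what gets stored;
// HTML encoding is applied at output time, where the context is known.
function normalize_comment(string $raw): ?string
{
    // Reject malformed UTF-8 so the output encoder sees well-formed text.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Strip control characters other than tab, newline and carriage return.
    $clean = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw);
    $clean = trim((string) $clean);
    if ($clean === '' || mb_strlen($clean, 'UTF-8') > MAX_COMMENT_LEN) {
        return null;
    }
    return $clean;
}

// The flaw class the advisory describes: stored input emitted as markup.
function render_comment_vulnerable(string $stored): string
{
    return '<p class="comment">' . $stored . '</p>';
}

// Hardened form: encode for the HTML body context before adding line breaks.
function render_comment(string $stored): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    $safe = htmlspecialchars($stored, $flags, 'UTF-8');
    return '<p class="comment">' . nl2br($safe, false) . '</p>';
}

// Constructed sample submission containing markup.
$submitted = "Nice site!\n<script>alert(1)</script>";

$stored = normalize_comment($submitted);
if ($stored !== null) {
    echo render_comment_vulnerable($stored), "\n"; // markup reaches the page intact
    echo render_comment($stored), "\n";            // markup is shown as inert text
}
```

Encoding has to happen on every page that displays stored comments, since entries saved before the fix are still unencoded in storage.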