Please view the txt advisory here. The actually very nice guestbook “Guestbook PHP” suffers from a XSS vulnerability. The guestbook fails to properly sanitize the user input when a new entry is added. When HTML/Java Script code is added, it gets displayed/parsed when the new entry was successfully submitted. Furthermore the code gets executed when [...]
Author: valentin
Please view the txt advisory here.
The actually very nice guestbook “Guestbook PHP” suffers from a XSS vulnerability.
The guestbook fails to properly sanitize the user input when a new entry is added.
When HTML/Java Script code is added, it gets displayed/parsed when the new entry was
successfully submitted.
Furthermore the code gets executed when the admin views the entries in the control panel.
It is even possible to temporarily disable the admin features in the backend
since the injected code gets executed before the admin buttons get displayed.
When the correct code was injected, the design gets destroyed and the admin buttons disappear.
Comments on this entry (no comments)
Did you like this post? You can share your opinion with us! Simply click here.