MJGuest 6.8 GT Cross Site Scripting Vulnerability
From: irancrash gmail com
To: bugtraq securityfocus com
Subject: MJGuest 6.8 GT Cross Site Scripting Vulnerability
Date: Tue - Jul 29, 2008 01:41 PM
----------------------------------------------------------------
Script : MJGuest 6.8 GT
Type : Cross Site Scripting Vulnerability
Alert : Medium
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Our Team : IRCRASH
My Official Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
----------------------------------------------------------------
Khashayar Fereidani Official Website : HTTP://FEREIDANI.IR
----------------------------------------------------------------
Script Download : http://www.mdsjack.bo.it/files/mjguest_6.8gt.zip
----------------------------------------------------------------
XSS Vulnerability :
Invalid Code : ./guestbook.js.php => document.write('<a href="javascript:guestbook()">' + '<?php echo $_GET['link']?>' + '</a>');
Vulnerable variable : link
Address : http://Example/guestbook.js.php?link=[XSS]
Solution : Filter the link variable with the htmlspecialchars() function.
----------------------------------------------------------------
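Added example, not part of the original advisory or of MJGuest: the link value lands in a single-quoted JavaScript string that document.write() then parses as HTML, and htmlspecialchars() with its pre-PHP 8.1 default flags leaves single quotes unescaped, so this version of guestbook.js.php encodes for both contexts. The function names js_html_literal and render_guestbook_js are hypothetical.

```php
<?php
// Added example, not MJGuest code. Function names are hypothetical.

// Encode untrusted text for the two nested contexts guestbook.js.php uses:
// HTML (document.write() parses its argument as markup) wrapped in a
// JavaScript string literal (the value is emitted into script source).
function js_html_literal(string $text): string
{
    // Inner context first: HTML-escape, covering both quote styles.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    $html = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Outer context: json_encode() returns a complete double-quoted literal.
    // The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the
    // value cannot end the string or an enclosing <script> element.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $js = json_encode($html, $flags);
    return $js === false ? '""' : $js;
}

function render_guestbook_js(array $query): string
{
    // Accept only a scalar string; ?link[]=x would otherwise be an array.
    $link = isset($query['link']) && is_string($query['link']) ? $query['link'] : '';
    return "document.write('<a href=\"javascript:guestbook()\">' + "
        . js_html_literal($link) . " + '</a>');";
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input with every character that matters here.
    $literal = js_html_literal("Guest's <b>book</b> & \"notes\"");
    // Between its own delimiters the literal holds none of < > ' " &.
    if (strpbrk(substr($literal, 1, -1), "<>'\"&") !== false) {
        fwrite(STDERR, "encoding check failed\n");
        exit(1);
    }
    echo render_guestbook_js(['link' => "Guest's <b>book</b> & \"notes\""]), "\n";
} else {
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo render_guestbook_js($_GET);
}
```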
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------