SignHere guestbook vulnerability
Date: 2003-04-06

Author : drG4njubas <drG4nj@mail.ru>

This advisory and other useful files
can be found at www.blacktigerz.org

Subject:
SignHere guestbook vulnerability.

Description:
Free, easy-to-use guestbook. Main features are: message text
formatting (bold text, urls etc.); inserting smiles as icons;
web-based administration; email notifications about new posts.
Also html output is optimized to maximize download speed.

Vendor:
Bitstrike software.
http://www.bitstrike.com

Vulnerability:
Default.asp does not filter user input, allowing
script injection into the guestbook via the "Email"
field. The injected script is executed in the
browser of anyone who visits the guestbook.

____________________________
Best Regards, drG4njubas
Black Tigerz Research Group
http://www.blacktigerz.org
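
The fix for this class of flaw, as an added example that is not part of the original advisory and not Bitstrike's code: validate the "Email" field against an allow-list on input, and encode every stored field on output. The mailto link markup, the function names and the sample submissions are assumptions; the advisory does not show how Default.asp renders the field.

```python
import html
import re
from urllib.parse import quote

# Conservative allow-list: no quotes, angle brackets or whitespace can pass.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def clean_email(raw):
    """Input side: return the trimmed address, or None if it is not a plain address."""
    candidate = raw.strip()
    if len(candidate) > 254 or not EMAIL_RE.fullmatch(candidate):
        return None
    return candidate


def render_unsafe(name, email):
    """Model of the flaw (assumed markup): the stored field is pasted into the page."""
    return '<a href="mailto:' + email + '">' + name + '</a>'


def render_safe(name, email):
    """Output side: re-validate the stored value and encode for the HTML context."""
    safe_name = html.escape(name, quote=True)
    addr = clean_email(email)
    if addr is None:
        return safe_name  # drop the link rather than emit an untrusted attribute
    href = html.escape("mailto:" + quote(addr, safe="@"), quote=True)
    return '<a href="{}">{}</a>'.format(href, safe_name)


# Constructed sample submissions (not taken from the advisory).
SAMPLES = [
    ("Alice", "alice@example.org"),
    ("Bob", 'bob@example.org"><b>injected</b>'),
    ("<i>Carol</i>", "carol@example.org"),
]

if __name__ == "__main__":
    for name, email in SAMPLES:
        print("unsafe:", render_unsafe(name, email))
        print("safe:  ", render_safe(name, email))
```

Re-validating at render time also covers entries that were stored before the input check existed.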



 
