logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

FipsGuestbook script injection
Date: 2003-04-15

Author : drG4njubas <http://www.blacktigerz.org>

Subject:
FipsGuestbook Version 1.12.7 script injection.

Description:
Written entirely in ASP and VBScript, easy to install
ASP guestbook manager with web based administration panel.

Vendor:
FipsASP
http://www.fips.at.tf

Vulnerability:
new_entry.asp neglects filtering user input allowing
for script injection to the guestbook via "Name" field.
The injected script will be executed in anyones browser
who visits the guestbook.



 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy