Bugtraq mailing list archives
PBL Guestbook v1.31 - XSS
From: luny () youfucktard com
Date: 7 Jun 2006 20:13:25 -0000
PBLGuestbook v1.31 Homepage: http://www.pixelatedbylev.com/ Effected files: input boxes of the guestbook. XSS Vulnerabilities PoC: I noticed that common tags like <script> are filtered into the words "SCRIPT BLOCKED" in this guestbook, however img tags as well as others go unfiltered in the Name, Email,and Website boxes. In turn, this could cause an XSS attack to occur. For PoC just enter: <IMG SRC=javascript:alert('XSS')> in any of these boxes.
Current thread:
- PBL Guestbook v1.31 - XSS luny (Jun 08)