Bugtraq mailing list archives
MJGuest 6.8 GT Cross Site Scripting Vulnerability
From: irancrash () gmail com
Date: 29 Jul 2008 20:33:41 -0000
----------------------------------------------------------------
Script : MJGuest 6.8 GT
Type : Cross Site Scripting Vulnerability
Alert : Medium
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Our Team : IRCRASH
My Official Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
----------------------------------------------------------------
Khashayar Fereidani Official Website : HTTP://FEREIDANI.IR
----------------------------------------------------------------
Script Download : http://www.mdsjack.bo.it/files/mjguest_6.8gt.zip
----------------------------------------------------------------
XSS Vulnerability :
Invalid Code :
./guestbook.js.php => document.write('<a href="javascript:guestbook()">' + '<?php echo $_GET['link']?>' + '</a>');
Vulnerable variable : link
Address : http://Example/guestbook.js.php?link=[XSS]
Solution : Filter link variable with htmlspecialchars() function.
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
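
The fix suggested in the advisory, worked through as an added example (not part of the original post and not MJGuest code). The `link` value ends up inside a JavaScript string literal whose content `document.write()` then parses as HTML, so the sketch encodes for both contexts; the function name `render_guestbook_link` and the sample input are assumptions made for illustration.

```php
<?php
// Added example, not MJGuest code: a hardened form of the guestbook.js.php
// line quoted in the advisory. "link" lands in two nested contexts: a
// JavaScript string literal, whose content document.write() parses as HTML.

function render_guestbook_link(string $link): string
{
    // 1. HTML context. ENT_QUOTES also encodes ' and ", which the default
    //    flags before PHP 8.1 leave as-is; ENT_SUBSTITUTE replaces invalid
    //    UTF-8 instead of returning an empty string.
    $html = htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. JavaScript string context. json_encode() emits a quoted literal;
    //    the JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes so
    //    the value cannot close the string or an enclosing <script> element.
    $js = json_encode(
        $html,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    if ($js === false) {
        $js = '""'; // fail closed: emit an empty label
    }

    return 'document.write(\'<a href="javascript:guestbook()">\' + '
        . $js . ' + \'</a>\');';
}

// Constructed sample input, used when no "link" parameter is supplied.
$sample = "Sign O'Neil's <b>guestbook</b> & more";

$link = $_GET['link'] ?? $sample;
if (!is_string($link)) {
    $link = ''; // link[]=... arrives as an array; treat it as empty
}

header('Content-Type: application/javascript; charset=utf-8');
echo render_guestbook_link($link), "\n";
```

With the sample input, the markup and quote characters reach the page as visible text rather than as HTML or script.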