XSS Vulnerability in MWGuest

Summary

Vulnerability
XSS Vulnerability in MWGuest
Discovered
2006.04.06
Last Update
2006.04.17 Exploitation code published
ID
EV0122
CVE
CVE-2006-1979
Risk Level
low
Type
Cross Site Scripting
Status
Unpatched. No reply from developer(s)
Vendor
Manic Web
Vulnerable Software
MWGuest (http://www.manicweb.co.uk/)
Version
2.1.0
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in MWGuest (http://www.manicweb.co.uk/) script.

Vulnerable Script: mwguest.php

Parameter homepage is not properly sanitized. This can be used to post arbitrary HTML or web script code.

Condition: magic_quotes_gpc = off

PoC/Exploit

Cross-Site Scripting Example:

URL: http://[host]/mwguest/mwguest.php
Homepage: ">[XSS]<aaa aaa="

Solution.

Solution for "XSS Vulnerability in MWGuest" is not available. Check Manic Web website for updates.

Order Source Code Audit

Prevent hacker attacks by source code analysis of your site done by Aliaksandr Hartsuyeu.The work will be done by experts in web application security.

Advisories by vuln type

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>