XSS Vulnerability in MWGuest
- XSS Vulnerability in MWGuest
- Last Update
- 2006.04.17 Exploitation code published
- Risk Level
- Cross Site Scripting
- Unpatched. No reply from developer(s)
- Manic Web
- Vulnerable Software
- MWGuest (http://www.manicweb.co.uk/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Cross Site Scripting found in MWGuest (http://www.manicweb.co.uk/) script.Vulnerable Script: mwguest.php
Parameter homepage is not properly sanitized. This can be used to post arbitrary HTML or web script code.
Condition: magic_quotes_gpc = off
PoC/ExploitCross-Site Scripting Example:
Homepage: ">[XSS]<aaa aaa="
Solution for "XSS Vulnerability in MWGuest" is not available. Check Manic Web website for updates.
Order Source Code Audit
Prevent hacker attacks by source code analysis of your site done by Aliaksandr Hartsuyeu.The work will be done by experts in web application security.