page XSS Vulnerability in Doika guestbook
Summary
- Vulnerability: page XSS Vulnerability in Doika guestbook
- Discovered: 2006.08.21
- Last Update: 2006.08.31 Exploitation code published
- ID: EV0134
- CVE: CVE-2006-4325
- Risk Level: low
- Type: Cross Site Scripting
- Status: Unpatched. No reply from developer(s)
- Vendor: n/a
- Vulnerable Software: Doika guestbook (http://doika.net/)
- Version: 2.5
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A Cross-Site Scripting vulnerability was found in the Doika guestbook (http://doika.net/) script.
Vulnerable Script: gbook.php
The page parameter is not properly sanitized. This can be used to post arbitrary HTML or web script code.
PoC/Exploit
Cross-Site Scripting Example:
URL: http://[host]gbook.php?id=new
new entry:
url: http://host/" onmouseover="alert(123)
Solution
A solution for "page XSS Vulnerability in Doika guestbook" is not available. Check the vendor's website for updates.
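The following is an added example, not Doika guestbook source and not a vendor fix: it shows why the PoC value escapes a double-quoted attribute and how output encoding plus a scheme allowlist contains it. The function names and the assumption that the value is rendered into an href attribute are hypothetical.

```php
<?php
// Added illustration; not taken from gbook.php. All names are hypothetical.

// Constructed sample input: the value from the PoC section of this advisory.
$submitted = 'http://host/" onmouseover="alert(123)';

// Vulnerable pattern: the raw value is concatenated into a double-quoted
// attribute, so the embedded quote closes href and the remainder is parsed
// by the browser as a new attribute on the same tag.
function render_link_unsafe(string $url): string
{
    return '<a href="' . $url . '">homepage</a>';
}

// Hardened pattern: allow only http/https URLs on input, then HTML-encode
// the value at the point where it is written into the page.
function render_link_safe(string $url): string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME); // null or false if absent/malformed
    if (!is_string($scheme)
        || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return ''; // reject anything that is not an http(s) URL
    }
    // ENT_QUOTES encodes both " and ', so the value cannot leave the attribute.
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow noopener">homepage</a>';
}

// Print both renderings so the difference in the generated markup is visible.
echo render_link_unsafe($submitted), PHP_EOL;
echo render_link_safe($submitted), PHP_EOL;
```

Comparing the two printed lines shows the quote characters arriving as `&quot;` in the hardened output, which keeps the whole submitted string inside the href value.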