Multiple XSS in MCG GuestBook

Description

Cross Site Scripting found in MCG GuestBook script.

Multiple XSS in MCG GuestBook

All vulnerabilities found in gb.cgi script. It doesn't have proper XSS sanitation filters.

XSS vulnerable parameters:

• name
• email
• website
• message

All these parameters are not sanitized. This can be used to insert any html or script code. Admin panel is vulnerable also.

PoC/Exploit

XSS poc code

All form parameters dont pass any XSS sanitation filters.

XSS Examples.

Parameter "name": <script>alert('XSS Vuln')</script>

Parameter "email": "<script>alert('Vulnerable')</script>

Parameter "website": "<script>alert('Vulnerable')</script>

Parameter "message": <script>alert('XSS Vuln')</script>

Solution.

Solution for "Multiple XSS in MCG GuestBook" is not available. Check Mrcgiguy website for updates.

Company

• PC Evuln.com / II Evuln.com
• Email:
• skype: evuln.com
• Phone: +37068935936

Services

• Hack Repair
• Hack Insurance
• External Monitoring
• Pricing
• Partner Program

eVuln Labs

• Scanner Statistics
• eVuln Advisories
• Fixing Guide

eVuln Tools

• Malware Scanner
• PHP Code Scanner
• HTTP Packet Generator
• XSS String Encoder
• SQL String Encoder