XSS Vulnerability in Chipmunk Guestbook

Summary

Vulnerability: XSS Vulnerability in Chipmunk Guestbook
Discovered: 2005.12.29
Last Update: 0 n/a
ID: EV0004
CVE: CVE-2006-0069
Risk Level: low
Type: Cross Site Scripting
Status: Unpatched
Vendor: Chipmunk (http://www.chipmunk-scripts.com/)
Vulnerable Software: Chipmunk Guestbook
Version: 1.4 and earlier
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Cross Site Scripting found in Chipmunk Guestbook script.

Vulnerable script: addentry.php

Variable $homepage isn't properly sanitized. This can be used to post arbitrary script code which will be executed in the browser of every guestbook visitor.

Cookie-based authentication is threatened.

PoC/Exploit

Add an entry form:
http://somesite/guestbook/addentry.php

Homepage value: '></a><script>alert(123);</script>

Solution.

Solution for "XSS Vulnerability in Chipmunk Guestbook" is not available. Check Chipmunk website for updates.

XSS Vulnerability in Chipmunk Guestbook

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools