Date: Fri, 14 Mar 2003 17:22:51 -0500
From: flur <flur@...rnet.org>
To: bugtraq Security List <bugtraq@...urityfocus.com>
Subject: Guestbook v1.1.3 CSS Vuln


Project:   Filebased guestbook.
Author:    Copyright (c) Urs <urs@...cle.ch>
Version:   1.1.3
Update:    17-09-2002
Homepage:  http://www.circle.ch/scripts/

This PHP guest book script is vulnerable to hostile cross scripting in the 
'comment' section of guest book posts. Comments span across multiple pages, 
with the newest on the first page; thus a malicious user could easily embed 
hostile code and expect all that read the guest book with script-processing 
browsers to execute it.

The vendor has indicated that this project has been discontinued.



____________________ __ _
~FluRDoInG                        flur@...rnet.org
                             http://www.flurnet.org
KEY ID 0x8C2C37C4 (pgp.mit.edu) RSA-CAST 2048/2048
1876 B762 F909 91EB 0C02  C06B 83FF E6C5 8C2C 37C4
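
The fix for the class of bug reported above is to HTML-encode stored comments when they are written into the page. The following is an added example, not code from the post or from Guestbook v1.1.3; the storage format and the function names (`h`, `store_entry`, `render_entries`) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical file-based guestbook (names and storage format are assumptions,
// not taken from Guestbook v1.1.3). One JSON object per line.

function h(string $s): string
{
    // Encode for an HTML text/attribute context; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function store_entry(string $file, string $name, string $comment): void
{
    // Store the raw text; encoding belongs at output time, per output context.
    $line = json_encode(
        ['name' => $name, 'comment' => $comment, 'ts' => time()],
        JSON_INVALID_UTF8_SUBSTITUTE
    );
    file_put_contents($file, $line . "\n", FILE_APPEND | LOCK_EX);
}

function render_entries(string $file): string
{
    $html = '';
    $lines = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    foreach (array_reverse($lines) as $line) {   // newest entry first
        $e = json_decode($line, true);
        if (!is_array($e) || !isset($e['name'], $e['comment'])) {
            continue;   // skip corrupt records
        }
        // Unsafe form: $html .= '<p>' . $e['comment'] . '</p>';
        // Hardened form: encode first, then turn newlines into <br />.
        $html .= '<div class="entry"><strong>' . h((string)$e['name']) . '</strong><p>'
               . nl2br(h((string)$e['comment'])) . "</p></div>\n";
    }
    return $html;
}

// Constructed sample input, written to and read from a temporary file.
$file = tempnam(sys_get_temp_dir(), 'gb');
store_entry($file, 'visitor', "Nice site!\n<script>alert(1)</script>");
echo render_entries($file);   // markup in the comment is emitted as inert text
unlink($file);
```

Encoding at render time rather than at storage time also covers entries that were already saved before the fix was deployed.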


