MySQLguest from AllWebscripts is vulnerable to an HTML injection flaw that is exposed via the entry submitting form due to a lack of proper sanitization.
adff55a9298359f4f057edc112d12bbf74c373c97e76c2d43184798b9bc21eec
Vendor: AllWebscripts
Product: MySQLguest
URL: https://www.allwebscripts.com
Product:
MySQLguest by Allwebscripts is a guestbook script that uses MySQL to
store messages.
Vulnerablitity:
Allwebscripts' MySQLguest is vulnerable to an HTML injection
vulnerability that is exposed via the entry submitting form. Fields in
the form are not adequately sanitized of HTML and script code.
Danger:
This may permit execution of hostile script code when a user views
pages that include the injected code.
Exploit:
On AWSguest.php one needs to fill in "Name", "Email", "Homepage" and
"Comments". The fields in this form are not sanitized so one can fill
in HTML, PHP and Javascript tags.
Exploit Example:
E-mail: <?php echo <p>Hello World</p>
Homepage: <script language=javascript>alert ("Messagebox")
Comments: <IFRAME SRC=www.computerknights.org>
Credit:
BliZZard
Friends:
https://www.computerknights.org
https://hackerslegion.com