Winn Guestbook v2.4.8c Stored XSS Vulnerability

# Exploit Title: Winn Guestbook v2.4.8c Stored XSS  
# Date: 12/29/11  
# Author: G13  
# Software Link: http://code.google.com/p/winn-guestbook/,  
http://www.winn.ws  
# Version: 2.4.8c  
# Category: webapps (php)  
# CVE: 2011-5026  
##### Vulnerability #####  
There is no sanitization of the input of the name variable. This allows  
malicious scripts to be added. This is a stored XSS.  
##### Vendor Notification #####  
12/24/11 - Vendor Notified.  
12/27/11 - Vendor Acknowledged, Patch Issued.  
##### Resolution #####  
Upgrade to Version 2.4.8d  
##### Affected Variables #####  
name=[XSS]  
##### Exploit #####  
The script can be added right in the page; there is no filtering of  
input. This can easily be exploited if the email address used is added  
to the "approved posters" list.
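
The unfiltered name field described above, shown next to output encoding. This is an added example, not Winn Guestbook's code or its 2.4.8d patch; the function names, the entry array layout and the sample entries are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample entries, as they might sit in storage after submission.
$entries = [
    ['name' => 'Alice', 'message' => 'Nice site!'],
    ['name' => '<script>alert(1)</script>', 'message' => 'element context'],
    ['name' => '" onmouseover="alert(1)', 'message' => 'attribute context'],
];

// Vulnerable pattern (hypothetical): stored values are concatenated into HTML unchanged.
function render_entry_unsafe(array $e): string
{
    return '<div class="entry" title="' . $e['name'] . '"><b>' . $e['name'] . '</b>: '
        . $e['message'] . '</div>';
}

// HTML-encode a value for element content and quoted attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern (hypothetical): every stored field is encoded at output time.
function render_entry_safe(array $e): string
{
    return '<div class="entry" title="' . h($e['name']) . '"><b>' . h($e['name']) . '</b>: '
        . h($e['message']) . '</div>';
}

// Regression check tied to the constructed samples only: did raw markup or an
// attribute break-out from a stored field survive into the rendered HTML?
function has_raw_markup(string $html): bool
{
    return stripos($html, '<script') !== false
        || stripos($html, '" onmouseover') !== false;
}

foreach ($entries as $e) {
    $unsafe = render_entry_unsafe($e);
    $safe = render_entry_safe($e);
    printf(
        "name:   %s\nunsafe: raw markup %s\nsafe:   raw markup %s\n%s\n\n",
        var_export($e['name'], true),
        has_raw_markup($unsafe) ? 'present' : 'absent',
        has_raw_markup($safe) ? 'present' : 'absent',
        $safe
    );
}
```

Encoding at output covers entries already stored before the upgrade, which input-side filtering alone would not.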
