XGB Guestbook 1.2 – User-Embedded Scripting

XGB Guestbook 1.2 – User-Embedded Scripting

漏洞ID 1053576 漏洞类型
发布时间 2002-04-15 更新时间 2002-04-15
图片[1]-XGB Guestbook 1.2 – User-Embedded Scripting-安全小百科CVE编号 N/A
图片[2]-XGB Guestbook 1.2 – User-Embedded Scripting-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/21381
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/4513/info

xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

xGB allows users to post images in guestbook entries by using special syntax to denote a link to an image. However, script code is not filtered from the image tags ([img][/img]) used by the guestbook. An attacker may cause script code to be executed by arbitrary web users who view the guestbook entries. 

[img]javascript:alert('This Guestbook allows Cross Site
Scripting');[/img]

相关推荐: Multiple Vendor Statd Buffer Overflow Vulnerability

Multiple Vendor Statd Buffer Overflow Vulnerability 漏洞ID 1105035 漏洞类型 Boundary Condition Error 发布时间 1997-11-24 更新时间 1997-11-24 CVE…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享