Multiple XSS Vulnerabilities in B-net Software
Summary
- Vulnerability: Multiple XSS Vulnerabilities in B-net Software
- Discovered: 2006.01.02
- Last Update: 0 n/a
- ID: EV0010
- CVE: CVE-2006-0078
- Risk Level: medium
- Type: Cross Site Scripting
- Status: Unpatched
- Vendor: n/a
- Vulnerable Software: B-net Software (http://sourceforge.net/projects/b-net/)
- Version: 1.0
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Cross-site scripting was found in B-net Software (http://sourceforge.net/projects/b-net/) scripts.
Vulnerable scripts: shout.php, guestbook.php
Variables:
$name, $shout in shout.php
$title, $message in guestbook.php
These variables are not properly sanitized. This can be used to post arbitrary HTML or script code, which will be executed in the browser of every guestbook visitor.
PoC/Exploit
Shoutbox:
Name: <XSS>
Website: anyurl
Message: <XSS>
Guestbook:
http://host/b-net/guestbook.php?action=sign
Name: anyname
Email: anyemail
Web: anyurl
Title: <XSS>
Message: <XSS>
Solution
A solution for "Multiple XSS Vulnerabilities in B-net Software" is not available. Check the vendor's website for updates.
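Added example, not part of the original advisory and not B-net's code: one way to encode the four affected fields ($name, $shout, $title, $message) when stored entries are rendered. The function names, the entry array layout and the http/https check on the website field are assumptions, since the advisory does not show the scripts' source.

```php
<?php
// Added illustration: not B-net's code. Function names and the array layout
// of an entry are assumptions; only the field names $name, $shout, $title
// and $message come from the advisory.

/** Encode a user-supplied string for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only absolute http(s) URLs for the website field; otherwise return ''. */
function safe_url(string $url): string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '';
    }
    return $url;
}

/** Render one shoutbox entry with the name and shout text encoded. */
function render_shout(array $e): string
{
    $name = h($e['name'] ?? '');
    $url  = safe_url($e['website'] ?? '');
    if ($url !== '') {
        $name = '<a href="' . h($url) . '" rel="nofollow noopener">' . $name . '</a>';
    }
    return '<div class="shout"><b>' . $name . '</b>: ' . nl2br(h($e['shout'] ?? '')) . "</div>\n";
}

/** Render one guestbook entry with the title and message encoded. */
function render_guestbook(array $e): string
{
    return '<div class="entry"><h3>' . h($e['title'] ?? '') . '</h3>'
         . '<p>' . nl2br(h($e['message'] ?? '')) . "</p></div>\n";
}

// Constructed sample input: markup in every affected field, non-http(s) website.
$sample = ['name' => '<b>n</b>', 'website' => 'mailto:a@example.invalid', 'shout' => '<i>hi</i>'];
echo render_shout($sample);
echo render_guestbook(['title' => '<u>t</u>', 'message' => "line1\n<em>line2</em>"]);
```

Encoding at output time also covers entries that were stored before any input filtering was introduced.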