SecurityReason - CuteGuestbook XSS attack

Advisory Text :

------------------------------------------------------------------

- Cute Guestbook Remote XSS Exploit -

-= http://colander.altervista.org/advisory/CuteGuestbook.txt =-

------------------------------------------------------------------

-= Cute Guestbook =-

Omnipresent

May 04, 2006

Vunerability(s):

----------------

XSS Exploit

Product:

--------

Cute Guestbook

Vendor:

--------

http://www.scriptsez.net/index.php?action=detail&id=1086399301

Description of product:

-----------------------

PHP based guestbook requires no configuration and no database. Features:
Bad words filter, number of messages per page,

total messages to keep in record, emoticons with comments and much more.

Platform(s): linux, windows

Date Added: Jun 5, 2004

Last Updated: Feb 11, 2006

Author: Scriptsez Inc.

Vulnerability / Exploit:

------------------------

The applications Cute Guestbook is vulnerable to an XSS (Cross-Site
Scripting) Attack.

PoC / Proof of Concept:

-----------------------

An attacker can go to this URL:

http://www.victim_host/[path]/guestbook.php?action=sign

or

http://www.victim_host/[path]/guestbook.php

and then click on:

Click here to sign our Guestbook

Then insert in the field Name the Nick and in the field Comments put XSS
like:

<script>alert("You are vulnerabile to XSS")</script>

Additional Informations:

------------------------

google dorks: "Powered By:Cute Guestbook"

Vendor Status

-------------

Not informed!

Credits:

--------

omnipresent

omnipresent (at) email (dot) it [email concealed]