Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Guestbooks :: a6134.htm

ISC guestbook script injection vulnerability
10th Apr 2003 [SBWID-6134]

	ISC guestbook script injection vulnerability


	current version


	Black Tigerz Research Group [] found following  about
	ISC guestbook, Free, easy to use asp  powered  guestbook.  Main  fetures
	are:     web-based     administration,      bad      word      filtering
	gb_eintragen.asp neglects  filtering  user  input  allowing  for  script
	injection to the guestbook  via  "Ihr  Name",  "Ihre  EMail"  and  "Ihre
	Homepage" fields. The  injected  script  will  be  executed  in  anyones
	browser who visits the guestbook.



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH