On Tue, Jan 03, 2012 at 08:13:32AM -0500, tom wrote:
> # Exploit Title: Tinyguestbook XSS
> # Date: 01/03/12
> # Author: G13
> # Software Link: http://code.google.com/p/tinyguestbook/
> # Category: webapps (php)
> #
>
> ##### Vulnerability #####
>
> There is no sanitization on the input of the msg variable. This allows
> malicious scripts to be added. This is a stored XSS.
>
> ##### Vendor Notification #####
>
> 12/23/11 - Vendor Notified.
> 12/27/11 - Vendor email.
> 01/03/12 - No response, disclosure
>
> ##### Affected Variables #####
>
> Msg=[XSS]
>
> ##### Exploit #####
>
> The script can be added right in the page, there is no filtering of
> input.

There is also an SQL-injection vulnerability, which is not critical. I still reported it to the developer: http://code.google.com/p/tinyguestbook/issues/detail?id=3

- Henri Salo
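The two defect classes named in this thread, a stored XSS in the guestbook `msg` field and an SQL injection, both come from passing untrusted input straight into another grammar. The following is an added illustration, not tinyguestbook's code: a minimal PHP guestbook handler in its unsafe form next to a hardened one. The table and column names, the SQLite in-memory backend (assumes the pdo_sqlite extension) and the sample message are all assumptions.

```php
<?php
// Added example (not tinyguestbook's code): a minimal guestbook handler
// showing unbounded SQL and raw HTML output beside the hardened version.
// Table/column names and the in-memory SQLite store are assumptions.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, name TEXT, msg TEXT)');

// Unsafe: input is concatenated into SQL and echoed into HTML unencoded,
// so the same field can break the query and inject markup into the page.
function storeUnsafe(PDO $db, string $name, string $msg): void {
    $db->exec("INSERT INTO guestbook (name, msg) VALUES ('$name', '$msg')");
}
function renderUnsafe(PDO $db): string {
    $out = '';
    foreach ($db->query('SELECT name, msg FROM guestbook') as $row) {
        $out .= "<p><b>{$row['name']}</b>: {$row['msg']}</p>\n";
    }
    return $out;
}

// Hardened: bound parameters keep data out of the SQL grammar; HTML
// encoding at output time keeps data out of the HTML grammar. Encode on
// output, not on storage, so the database keeps the original text.
function storeSafe(PDO $db, string $name, string $msg): void {
    $stmt = $db->prepare('INSERT INTO guestbook (name, msg) VALUES (:name, :msg)');
    $stmt->execute([':name' => $name, ':msg' => $msg]);
}
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}
function renderSafe(PDO $db): string {
    $out = '';
    foreach ($db->query('SELECT name, msg FROM guestbook') as $row) {
        $out .= '<p><b>' . esc($row['name']) . '</b>: ' . esc($row['msg']) . "</p>\n";
    }
    return $out;
}

// Constructed sample input: ordinary text that happens to contain markup
// and an apostrophe, the kind of message a real visitor might post.
$msg = "Hi <b>all</b>, it's me";
storeSafe($db, 'visitor', $msg);
echo renderSafe($db);
// storeUnsafe() with this same $msg would throw a PDOException on the
// unbalanced quote: the query structure depends on the message content.
```

Running the script prints the message with `<b>` shown literally as `&lt;b&gt;`, while a `SELECT` against the table still returns the raw text.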