
      Advisory: TP-Book <= 1.00 Cross Site Scripting Vulnerabilities

  Release Date: 2006/07/25

 Last Modified: 2006/07/25

        Author: Tamriel [tamriel at gmx dot net]

   Application: TP-Book <= 1.00

          Risk: Low

 Vendor Status: not contacted

   Vendor Site: tobias.kloy.googlepages.com



 Overview:


   Quote from tobias.kloy.googlepages.com:


   "The guestbook has the following features:

    - Customizable templates

    - Many systems to keep out persistent spammers

    - Admin control panel

    - Easy installation through a wizard"



 Details:


      The script does not check the name submitted with a guestbook post,

      so attackers can perform cross-site scripting attacks.



 Solution:


      Take a look at PHP's htmlentities function.
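
The fix the advisory points to, as an added example that is not TP-Book's code or the advisory author's: the poster's name is encoded with htmlentities at output time, shown beside the unencoded form. The function names, the markup and the sample names are assumptions made for illustration.

```php
<?php
// Added example; function names and markup are hypothetical, not TP-Book code.

// Encode a value for HTML text and for quoted attribute values.
// Flags and charset are passed explicitly: before PHP 8.1 the default
// (ENT_COMPAT) left single quotes unencoded.
function esc(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the submitted name reaches the page unchanged.
function render_name_unsafe(string $name): string
{
    return "<span class='name' title='Posted by " . $name . "'>" . $name . "</span>";
}

// After: the name is encoded at output time, in both contexts.
function render_name_safe(string $name): string
{
    return "<span class='name' title='Posted by " . esc($name) . "'>" . esc($name) . "</span>";
}

// Constructed sample names (not taken from the advisory).
$names = [
    'Jürgen',                      // ordinary name with a non-ASCII letter
    '<script>alert(1)</script>',   // markup in element content
    "x' onmouseover='alert(1)",    // quote closing the title attribute
];

foreach ($names as $name) {
    $safe = render_name_safe($name);
    // The only markup left must be the template's own <span> element.
    if (substr_count($safe, '<') !== 2 || substr_count($safe, "'") !== 4) {
        throw new RuntimeException('encoding failed for: ' . $name);
    }
    echo "unsafe: ", render_name_unsafe($name), "\n";
    echo "safe:   ", $safe, "\n\n";
}
```

Encoding on output rather than on input keeps the stored name intact and covers entries that were saved before the fix.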

