Published: 2006-03-18 20:02:00
Revised: 2011-03-07 21:32:35

[Original] Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

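[CNNVD] Skull-Splitter PHP 'guestbook.php' Cross-Site Scripting Vulnerability (CNNVD-200603-287)

        A cross-site scripting (XSS) vulnerability exists in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6; remote attackers can inject arbitrary web script or HTML via the url parameter.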

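- CVSS (base score)

CVSS score: 2.6 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]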

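- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources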
(PATCH)  BID  17136
(UNKNOWN)  VUPEN  ADV-2006-0974
(UNKNOWN)  XF  skullsplitter-guestbook-xss(25293)
(UNKNOWN)  BUGTRAQ  20060329 [eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability
(UNKNOWN)  VIM  20060318 Vendor ACK for Skull-Splitter Guestbook XSS

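- Vulnerability information

Skull-Splitter PHP 'guestbook.php' Cross-Site Scripting Vulnerability
Low risk  Cross-site scripting
2006-03-18 00:00:00 2006-03-20 00:00:00
        A cross-site scripting (XSS) vulnerability exists in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6; remote attackers can inject arbitrary web script or HTML via the url parameter.

- Advisories and patches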

        Skull-Splitter Guestbook 2.6
        Skull-Splitter Guestbook 2.75

- Vulnerability information (F45094)

EV0104.txt (PacketStormID:F45094)
2006-04-01 00:00:00
Aliaksandr Hartsuyeu

Skull-Splitter's PHP Guestbook versions 2.6 and 2.7 suffer from cross site scripting flaws.

New eVuln Advisory:
Skull-Splitter's PHP Guestbook XSS Vulnerability

eVuln ID: EV0104
CVE: CVE-2006-1256
Software: Skull-Splitter's PHP Guestbook
Software's Web Site:
Versions: 2.6 2.7
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Patched
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (

Vulnerable Script: guestbook.php

Parameter url isn't properly sanitized. This can be used to post arbitrary HTML or JavaScript code.

Condition: magic_quotes_gpc = off

Available at:

Cross-Site Scripting Example:

Version 2.6

URL: http://[host]/guestbook.php? part=add_form
Website: aaa"><script>alert("Vulnerable")</script><aaa a="

Version 2.7

URL: http://[host]/guestbook.php? part=add_form
Website: http://domainbegin"><script>alert("Vulnerable")</script><aaa a="

To fix this problem install or upgrade to 2.75 version provided by vendor.

Discovered by: Aliaksandr Hartsuyeu (

Aliaksandr Hartsuyeu - Penetration Testing Services
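
An added example, not part of the advisory and not the vendor's 2.75 fix: one way to render a visitor-supplied website URL so that the `">` sequence in the "Website" values above cannot close the attribute it is written into. The function name `render_website_link` is hypothetical, and the sample list is constructed from the advisory's two values plus one benign URL.

```php
<?php
// Added example: hypothetical helper, not Skull-Splitter's code.

/**
 * Build an <a> element for a visitor-supplied website URL.
 * Returns an empty string when the value does not start with http:// or https://.
 */
function render_website_link(string $url): string
{
    $url = trim($url);

    // Allow-list the scheme so javascript:, data: and similar never reach href.
    // parse_url() yields null or false when no usable scheme is present.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '';
    }

    // Encode for the HTML attribute context. ENT_QUOTES converts both " and ',
    // so the value cannot terminate href="..." and open a new tag.
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<a href="' . $safe . '" rel="nofollow noopener">' . $safe . '</a>';
}

// Constructed inputs: the two "Website" values quoted in the advisory
// and one ordinary URL for comparison.
$samples = [
    'aaa"><script>alert("Vulnerable")</script><aaa a="',
    'http://domainbegin"><script>alert("Vulnerable")</script><aaa a="',
    'https://example.org/guestbook?id=1&lang=en',
];

foreach ($samples as $sample) {
    $html = render_website_link($sample);
    echo ($html === '' ? '[rejected]' : $html), PHP_EOL;
}
```

The encoding step is what neutralises the attribute breakout; the scheme check only narrows which values are accepted at all, which is why a value that merely begins with `http://` still has to be encoded on output.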

- Vulnerability information

Skull-Splitters PHP Guestbook guestbook.php url Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

Skull-Splitters PHP Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'url' variable upon submission to the guestbook.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2006-03-17 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.75 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Skull-Splitter PHP Guestbook HTML Injection Vulnerability
Input Validation Error 17136
Yes No
2006-03-17 12:00:00 2007-02-20 08:28:00
Aliaksandr Hartsuyeu is credited with the discovery of this vulnerability.

- Affected software versions

Skull-Splitter Guestbook 2.6
Skull-Splitter Guestbook 2.75

- Unaffected software versions

Skull-Splitter Guestbook 2.75

- Vulnerability discussion

PHP Guestbook is prone to an HTML-injection vulnerability. This issue is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

- Exploitation

This issue can be exploited through use of a web client.

- Solution

This issue has been addressed in Guestbook 2.75:

Skull-Splitter Guestbook 2.6

- Related references