Levcgi.com's MyGuestbook JavaScript Injection Vulnerability

From: BrainRawt . (brainrawtat_private)
Date: Tue Apr 30 2002 - 14:45:25 PDT


      ___________    ____________    ____  __  ___    ______________
    |\    ____  \  |\    ____   \  |\   \|\ \|\  \  |\_____    ____\
    | \   \__|\  \ | \   \__|\   \ | \   \ \ \ \  \ | |   |\   \   |
    \  \    ___   | \ \    ____   \ \ \   \_| \_|  \ \|___| \   \__|
      \  \   \_|\  \_ \ \   \__|\   \ \ \      _     \      \ \   \
       \  \   \\ \   \ \ \   \ \ \   \ \ \     |\ http://rawt.daemon.sh
        \  \___\\ \___\ \ \___\ \ \___\ \ \____| \_____\      \ \___\
         \ |   | \ |   | \ |   | \ |   | \ |   |\ |    |       \ |   |
          \|___|  \|___|  \|___|  \|___|  \|___| \|____|        \|___|
    
    
    Levcgi.com's MyGuestbook JavaScript Injection Vulnerability
    Discovered By BrainRawt (brainrawtat_private)
    
    About MyGuestbook:
    ------------------
    Highly customizable guestbook that was released on Feb. 20, 2002, and
    can be downloaded at http://www.levcgi.com/programs.cgi?program=myguestbook
    
    According to the website, ...myGuestbook has been downloaded 1298 times!
    
    Vulnerable (tested) Versions:
    --------------------
    MyGuestbook v 1.0
    
    Vendor Contact:
    ----------------
    4-28-02 - Emailed levat_private
    
    4-30-02 - No reply from the author, and I have decided not to wait since I
               never got a reply about another concern I had several months ago
               involving one of his CGI scripts.
    
    Vulnerability:
    ----------------
    MyGuestbook does not filter the input it stores and later displays, so any
    visitor can post HTML and script that is executed in the browser of everyone
    who views the guestbook (stored cross-site scripting). The risk rises to
    medium or high on a website that relies on cookies, since the injected
    script runs in the site's origin and can access the cookies the site sets.
    
    Exploit (POC):
    ----------------
    Sign up and post an entry with the "name" field set to
    <script>alert('evil+java+script+here')</script>
    
    or
    
    when posting a comment, put
    <script>alert('evil+java+script+here')</script>
    in the comments field.
    
    Either string is stored as-is and runs whenever the guestbook is viewed.
    
    
    --------------------------------------------------------------------------
    Knowledge is Power! How Powerful are you? - BrainRawt
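The following is an added example, not code from MyGuestbook or levcgi.com. MyGuestbook is a Perl CGI script; this Python model reproduces only the behaviour the advisory describes (the "name" and "comments" fields echoed into the guestbook page without filtering) and places it beside the fix a maintainer would apply, escaping every user-controlled value at output time. The function names, field names and sample entries are assumptions constructed for the demonstration; the payload is the advisory's own PoC string.

```python
"""Stored XSS in a guestbook: vulnerable rendering beside the escaped fix.

Added example, not code from MyGuestbook or levcgi.com. Function names,
field names and the ENTRIES list are assumptions made for this demo.
"""
import html

# The advisory's PoC string, as posted.
POC = "<script>alert('evil+java+script+here')</script>"

# Constructed sample entries: one honest post, then the PoC placed in each
# of the two fields the advisory names.
ENTRIES = [
    {"name": "alice", "comments": "Nice site!"},
    {"name": POC, "comments": "hi"},
    {"name": "mallory", "comments": POC},
]


def render_vulnerable(entries):
    """Interpolates the stored fields verbatim, as the advisory says v1.0 does.

    Whatever a visitor typed becomes markup in the page every later visitor
    loads, so a <script> tag in either field executes in their browser.
    """
    rows = ["<li><b>%s</b>: %s</li>" % (e["name"], e["comments"])
            for e in entries]
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


def render_escaped(entries):
    """Same page, with every user-controlled value HTML-escaped on output.

    quote=True also encodes ' and " so the values stay inert if a later
    template change moves them into an attribute.
    """
    rows = [
        "<li><b>%s</b>: %s</li>" % (html.escape(e["name"], quote=True),
                                   html.escape(e["comments"], quote=True))
        for e in entries
    ]
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"


def contains_script_tag(page):
    """True if a literal <script tag survived into the rendered page."""
    return "<script" in page.lower()


def find_injected_entries(entries):
    """Crude audit over already-stored entries: flag any field carrying a tag.

    Useful for cleaning an existing guestbook file after the fix is applied;
    returns (index, field) pairs for the entries to inspect.
    """
    flagged = []
    for i, e in enumerate(entries):
        for field in ("name", "comments"):
            if "<" in e[field] and ">" in e[field]:
                flagged.append((i, field))
    return flagged


if __name__ == "__main__":
    print("vulnerable page contains <script>:",
          contains_script_tag(render_vulnerable(ENTRIES)))
    print("escaped page contains <script>:",
          contains_script_tag(render_escaped(ENTRIES)))
    print("entries to inspect:", find_injected_entries(ENTRIES))
```

The fix is applied where the value is written into HTML, not where it is read from the form: a guestbook that only strips `<script>` on input still stores and replays other tags and event handlers, while escaping on output neutralises all of them at once. Honest entries render identically under both functions, so nothing visible changes for normal visitors.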
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Apr 30 2002 - 15:11:46 PDT