ftls.org Guestbook 1.1 Script Injection

From: BrainRawt . (brainrawtat_private)
Date: Fri Jan 24 2003 - 17:14:34 PST

Next message: Carlos Eduardo Vianna: "Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"

Previous message: Michael Bacarella: "MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ftls.org  Guestbook 1.1 Script Injection Vulnerabilities
Discovered By BrainRawt (brainrawtat_private)

About MyGuestbook:
------------------
Your basic guestbook that can be downloaded at
http://www.ftls.org/en/examples/cgi/Guestbook.shtml#s1.

Vulnerable (tested) Versions:
--------------------
guestbook v 1.1

Vendor Contact:
----------------
  9-27-02 - Emailed webmasterat_private
12-15-02 - Emailed tyndiukat_private

Vulnerability:
----------------
guestbook.cgi inproperly filters user input making the guestbook
vulnerable to script injection.

Exploit (POC):
----------------
When filling in ones name use:
<script>alert('your_name_field_vuln_to_injection')</script>

When filling in the Title use:
<script>alert('title_field_vuln_to_injection')</script>

When filling in the Comment use:
<script>alert('comments_field_vuln')</script>

---------------------------------------------------------------------
Which looks better?  Blackhat or White? You Decide! - BrainRawt




_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

Next message: Carlos Eduardo Vianna: "Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
Previous message: Michael Bacarella: "MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 01:32:47 PST