FipsGuestbook Version 1.12.7 script injection.

From: drG4njubas (drG4njat_private)
Date: Mon Apr 14 2003 - 06:19:03 PDT


    Date:
    14.04.2003
    
    Subject:
    FipsGuestbook Version 1.12.7 script injection.
    
    Description:
    An easy-to-install ASP guestbook manager with a web-based
    administration panel, written entirely in ASP and VBScript.
    
    Vendor:
    FipsASP
    http://www.fips.at.tf
    
    Vulnerability:
    new_entry.asp does not filter user input, allowing
    script injection into the guestbook via the "Name" field.
    The injected script will be executed in the browser of
    anyone who visits the guestbook.
    
    Black Tigerz Research Group
    We are: Areus, Barracuda, n1Tr0f4n, Velzevol, n3ch, drG4njubas.
    Please visit our website: http://www.blacktigerz.org  
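
The class of fix for the issue reported above, as an added example that is not part of the original advisory and is not FipsGuestbook's own code: normalise the "Name" field on input and HTML-encode every stored field where it is written into the page. The helper names, the "Message" field name and the length limit are assumptions; only the "Name" field and new_entry.asp come from the advisory.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Hypothetical helpers for a guestbook page; the advisory does not show
' the product's source, so nothing here is FipsGuestbook's own code.
Const MAX_NAME_LEN = 50   ' assumed limit

' Input hygiene: trim, cap the length and drop control characters.
' This narrows what gets stored; it is not the XSS fix by itself.
Function CleanName(ByVal raw)
    Dim s, i, ch, code
    s = Left(Trim(raw & ""), MAX_NAME_LEN)
    CleanName = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        code = AscW(ch)
        If code < 0 Then code = code + 65536   ' AscW is signed 16-bit
        If code >= 32 And code <> 127 Then CleanName = CleanName & ch
    Next
End Function

' The fix: encode at output time, so markup in a stored field is shown
' as text. Server.HTMLEncode covers < > & and the double quote, which
' is enough for element content and double-quoted attribute values;
' it is not sufficient inside <script> blocks or unquoted attributes.
Sub WriteEntry(ByVal entryName, ByVal entryText)
    Response.Write "<p><b>" & Server.HTMLEncode(entryName & "") & "</b><br>"
    Response.Write Server.HTMLEncode(entryText & "") & "</p>" & vbCrLf
End Sub

Dim visitorName, visitorText
visitorName = CleanName(Request.Form("Name"))
visitorText = Request.Form("Message") & ""   ' assumed field name

If Len(visitorName) = 0 Then
    Response.Status = "400 Bad Request"
    Response.Write "A name is required."
    Response.End
End If

' Storage is omitted: the advisory does not describe the data store.
' Store the values as submitted and encode on every page that prints
' them, including the administration panel.
WriteEntry visitorName, visitorText
%>
```

Entries stored before the change are also rendered safely, because the encoding happens on output and not at submission time.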
    


