GuestBookHost : Cross Site Scripting

From: Julien L. (jlantheaat_private)
Date: Mon Jun 23 2003 - 18:40:36 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    
    
                  GuestBookHost : Cross Site Scripting
    
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Program    : GuestBookHost
    Url vendor : http://www.nukedweb.com/phpscripts/guestbookhost.php
    Problem    : Multiple Cross Site Scripting Vulnerabilities
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Author     : Julien LANTHEA (contactat_private)
    Www        : jlanthea.net
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    DESCRIPTION :
    ~~~~~~~~~~~~~
    GuestBookHost allows you to start your own free guestbook service
    for you to offer to other webmasters. Other webmasters can sign
    up to your service, get the HTML code for their guestbook, view
    the stats, set the colors for their guestbook, and users can log
    in later to edit these settings. GuestBookHost also blocks users
    from posting multiple times.
    
    
    PROBLEM :
    ~~~~~~~~~
    When you sign the guestbook, it's possible to include code in
    the 'Name', 'Email' or 'Message' fields. Then when the guestbook
    is viewed, the code is executed (client side).
    
    
    EXPLOIT :
    ~~~~~~~~~
    For example, by including the following JavaScript code in one
    of the 3 fields, the guestbook would be out of service, because when
    requested, it would immediately redirect every client to 'www.toto.com'.
    
    <script>window.location.replace("http://www.toto.com");</script>
    
    
    SOLUTION :
    ~~~~~~~~~~
    No solution yet, vendor has been informed by mail.
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)
    
    iD8DBQE+96wah1Va+cDKxxQRAh5pAJsHiU9YXTA70bFQ/Ntej950M5uQBACfVWcf
    ajgpSvmGc8dbbuyqlfpCZn8=
    =VvAI
    -----END PGP SIGNATURE-----
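
The advisory lists no fix. As an added example (not part of the original message and not GuestBookHost's own code), this is one way a PHP guestbook could encode the 'Name', 'Email' and 'Message' fields when the page is rendered, so the quoted payload is displayed as text instead of running. The function names, array keys and markup are hypothetical.

```php
<?php
// Added example: hypothetical rendering code, not taken from GuestBookHost.

// Encode a value for an HTML text node or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer for one stored guestbook entry.
function render_entry(array $entry): string
{
    $name = h($entry['name'] ?? '');

    // Encode first, then convert newlines to <br>, so the only markup in
    // the message is the markup this function adds itself.
    $message = nl2br(h($entry['message'] ?? ''));

    // The address ends up inside an href, so it must be a syntactically
    // valid address before it is linked. It is percent-encoded so that
    // characters such as '?' or '&' cannot append mailto header fields.
    // Anything that fails validation is shown as encoded plain text.
    $email = $entry['email'] ?? '';
    if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $emailHtml = '<a href="mailto:' . h(rawurlencode($email)) . '">'
                   . h($email) . '</a>';
    } else {
        $emailHtml = h($email);
    }

    return "<div class=\"entry\">\n"
         . "  <p class=\"author\">{$name} ({$emailHtml})</p>\n"
         . "  <p class=\"message\">{$message}</p>\n"
         . "</div>\n";
}

// Constructed sample entry: the payload quoted in the advisory, placed in
// all three fields.
$payload = '<script>window.location.replace("http://www.toto.com");</script>';
$entry = [
    'name'    => $payload,
    'email'   => $payload,
    'message' => "Nice site!\n" . $payload,
];

echo render_entry($entry);
```

Encoding at output time also covers entries that were stored before the change, which filtering only at submission would not.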
    


