42 lines
No EOL
1.5 KiB
Text
42 lines
No EOL
1.5 KiB
Text
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|
|
>> General Information
|
|
Advisory/Exploit Title = Guestbook PHP XSS Vulnerability
|
|
Author = Valentin Hoebel
|
|
Contact = valentin@xenuser.org
|
|
|
|
|
|
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|
|
>> Product information
|
|
Name = Guestbook PHP
|
|
Vendor = G5 Scripts
|
|
Vendor Website = http://www.g5-scripts.de
|
|
Affected Version(s) = 1.2.8
|
|
|
|
|
|
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
|
|
>> #1 Vulnerability
|
|
Type = XSS
|
|
Affected Input Boxes = "Name", "Vorname", "Land", "Message"
|
|
|
|
The guestbook fails to properly sanitize the user input when a new entry is added.
|
|
When HTML/Java Script code is added, it gets displayed/parsed when the new entry was
|
|
successfully submitted.
|
|
|
|
Furthermore the code gets executed when the admin views the entries in the control panel.
|
|
It is even possible to temporarily disable the admin features in the backend
|
|
since the injected code gets executed before the admin buttons get displayed.
|
|
When the correct code was injected, the design gets destroyed and the admin buttons disappear.
|
|
|
|
|
|
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
|
|
>> Additional Information
|
|
Advisory/Exploit Published = 24.04.2010
|
|
|
|
|
|
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
|
|
>> Misc
|
|
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
|
|
<3 packetstormsecurity.org!
|
|
|
|
|
|
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::] |