[25326] in bugtraq
Levcgi.com's MyGuestbook JavaScript Injection Vulnerability
daemon@ATHENA.MIT.EDU (BrainRawt .)
Tue Apr 30 18:36:18 2002
From: "BrainRawt ." <brainrawt@hotmail.com>
To: bugtraq@securityfocus.com
Date: Tue, 30 Apr 2002 21:45:25 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F22LlmNI5aIptmMWNCq00005651@hotmail.com>
[BrainRawt ASCII-art banner] http://rawt.daemon.sh
Levcgi.com's MyGuestbook JavaScript Injection Vulnerability
Discovered By BrainRawt (brainrawt@hotmail.com)
About MyGuestbook:
------------------
Highly customizable guestbook that was released on Feb. 20, 2002, and
can be downloaded at http://www.levcgi.com/programs.cgi?program=myguestbook
According to the website, ...myGuestbook has been downloaded 1298 times!
Vulnerable (tested) Versions:
--------------------
MyGuestbook v 1.0
Vendor Contact:
----------------
4-28-02 - Emailed lev@taintedthoughts.com
4-30-02 - No reply from the author, and I have decided not to wait since I
never got a reply about another concern I had several months ago
involving one of his CGI scripts.
Vulnerability:
----------------
MyGuestbook improperly filters input posted to the guestbook, so a malicious
visitor can store script that runs in the browser of every later reader of the
page (cross-site scripting). This could be a medium to high concern when the
guestbook is hosted on a website that uses cookies, since the injected script
executes in that site's origin.
Exploit (POC):
----------------
Sign up and post using the "name" field:
<script>alert('evil+java+script+here')</script>
or, when posting comments, insert
<script>alert('evil+java+script+here')</script>
into the comments field.
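As an added illustration (not MyGuestbook's own code, whose source is not reproduced here): a minimal Python rendering of a guestbook entry in the vulnerable concatenation style beside an output-escaped version, both fed the payload shape from the advisory. The field names and page layout are assumptions.

```python
import html
from dataclasses import dataclass


@dataclass
class Entry:
    """Hypothetical guestbook record; MyGuestbook's real field names are unknown."""
    name: str
    comment: str


# Constructed sample input mirroring the advisory's proof-of-concept payload.
POC = "<script>alert('evil+java+script+here')</script>"


def render_unsafe(entry: Entry) -> str:
    """Vulnerable pattern: untrusted fields are concatenated into HTML verbatim,
    so a visitor's <script> is stored and executed by every later reader."""
    return f"<p><b>{entry.name}</b> wrote:<br>{entry.comment}</p>"


def render_safe(entry: Entry) -> str:
    """Hardened pattern: HTML-escape every untrusted field at output time.
    quote=True also encodes ' and " so the same helper is safe inside attributes.
    Newlines are turned into <br> only AFTER escaping, so the inserted markup is
    ours and the visitor cannot smuggle their own through the line-break step."""
    name = html.escape(entry.name, quote=True)
    comment = html.escape(entry.comment, quote=True).replace("\n", "<br>")
    return f"<p><b>{name}</b> wrote:<br>{comment}</p>"


def contains_live_script(rendered: str) -> bool:
    """Crude defender-side check on rendered output: an unescaped <script tag
    still present means the entry would execute in a reader's browser."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    entry = Entry(name=POC, comment="first line\n" + POC)
    print("unsafe executes script:", contains_live_script(render_unsafe(entry)))
    print("safe executes script:  ", contains_live_script(render_safe(entry)))
    print(render_safe(entry))
```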
--------------------------------------------------------------------------
Knowledge is Power! How Powerful are you? - BrainRawt