[29771] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

FipsGuestbook Version 1.12.7 script injection.

daemon@ATHENA.MIT.EDU (drG4njubas)
Mon Apr 14 14:06:41 2003

From: "drG4njubas" <drG4nj@mail.ru>
To: <bugtraq@securityfocus.com>
Date: Mon, 14 Apr 2003 17:19:03 +0400
Message-ID: <000101c30288$6e39b7b0$8c80763e@user1>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit

Date:
14.04.2003

Subject:
FipsGuestbook Version 1.12.7 script injection.

Description:
Written entirely in ASP and VBScript, easy to install
ASP guestbook manager with web based  administration panel.

Vendor:
FipsASP
http://www.fips.at.tf

Vulnerability:
new_entry.asp neglects filtering user input allowing 
for script injection to the guestbook via "Name" field. 
The injected script will be executed in anyones browser 
who visits the guestbook.

Black Tigerz Research Group
We are:Areus,Barracuda,n1Tr0f4n,Velzevol,n3ch,drG4njubas.
Please visit our website: http://www.blacktigerz.org


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29771] in bugtraq

FipsGuestbook Version 1.12.7 script injection.

daemon@ATHENA.MIT.EDU (drG4njubas)Mon Apr 14 14:06:41 2003

daemon@ATHENA.MIT.EDU (drG4njubas)
Mon Apr 14 14:06:41 2003