
ASPScriptz Guest Book 2.0 XSS



------------------------------------------------------------------
            - ASPScriptz Guest Book 2.0 Remote XSS -
-= http://colander.altervista.org/advisory/ASzGB.txt =-
------------------------------------------------------------------

	       -= ASPScriptz Guest Book 2.0 =-



Omnipresent
May 18, 2006


Vulnerability(s):
----------------
XSS Attack


Product:
--------
ASPScriptz Guest Book 2.0

Vendor:
--------
http://www.aspscriptz.com


Description of product:
-----------------------

Guestbook is a free open source guestbook. Simply download it, unzip it and upload it into the root directory of your
server. It is working now. Smilies support is also added in this version. Admin can disable or enable HTML support. Admin
section is also included.


Vulnerability / Exploit:
------------------------

Lines 109 to 113 contain the vulnerable code:

[...]

' The form fields are read straight from the POST body; nothing is escaped
' or validated here, and the values are later written back into the page.
GBOOK_UNAME = REQUEST.FORM("GBOOK_UNAME")   ' visitor name (echoed unescaped)
GBOOK_EMAIL = REQUEST.FORM("GBOOK_EMAIL")
GBOOK_CITY  = REQUEST.FORM("GBOOK_CITY")    ' city (echoed unescaped)
GBOOK_COU   = REQUEST.FORM("GBOOK_COU")     ' country (echoed unescaped)
GBOOK_WWW   = REQUEST.FORM("GBOOK_WWW")

[...]

As you can see, the variables:
GBOOK_UNAME
GBOOK_CITY
GBOOK_COU

are not properly sanitized before being used, so a remote attacker can inject arbitrary HTML code.

To remove the bug, the programmer can modify the source code with a simple Replace() on those fields.


PoC / Proof of Concept of XSS:
------------------------------

Not very hard.. :D Just put  in the Name, City and Country fields.

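The Replace() fix the advisory suggests, written out as an added example. This is not code from ASPScriptz or from the advisory author; the EscapeHtml function name is an assumption, while the GBOOK_* form field names are the ones quoted above.

```vbscript
<%
' Added example, not the guestbook's own code. EscapeHtml is a hypothetical
' helper that neutralises the HTML metacharacters in a form value so the
' value can be stored and echoed back into the page as plain text.
Function EscapeHtml(ByVal s)
    ' Ampersand first, so the entities produced below are not re-encoded
    s = Replace(s, "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")
    s = Replace(s, "'", "&#39;")
    EscapeHtml = s
End Function

' Pattern from the advisory (vulnerable): raw input is assigned unchanged
' GBOOK_UNAME = REQUEST.FORM("GBOOK_UNAME")

' Hardened: every field that is later echoed into the guestbook is escaped
GBOOK_UNAME = EscapeHtml(Request.Form("GBOOK_UNAME"))
GBOOK_EMAIL = EscapeHtml(Request.Form("GBOOK_EMAIL"))
GBOOK_CITY  = EscapeHtml(Request.Form("GBOOK_CITY"))
GBOOK_COU   = EscapeHtml(Request.Form("GBOOK_COU"))
GBOOK_WWW   = EscapeHtml(Request.Form("GBOOK_WWW"))

' Classic ASP's built-in Server.HTMLEncode covers &, <, > and double quotes
' and can stand in for the hand-written Replace() chain:
' GBOOK_UNAME = Server.HTMLEncode(Request.Form("GBOOK_UNAME"))
%>
```

The escaping has to be applied to every field that is written back out, not only the three named in the advisory, and it must also cover entries already stored before the fix. When the admin enables the product's HTML support, escaping everything defeats that feature, so that mode needs an allowlist of permitted tags rather than raw pass-through.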
Vendor Status
-------------

[2006/06/05] Vendor Informed!

Credits:
--------
omnipresent
omnipresent@email.it
