TUCoPS :: Web :: Guestbooks :: b06-3636.htm

Fantastic Guestbook v2.0.1 Advisory
Fantastic Guestbook v2.0.1 Advisory
Fantastic Guestbook v2.0.1 Advisory


.:. Fantastic Guestbook v2.0.1 Advisory .:.=0D
=0D
Date of written Advisory:=0D
-------------------------=0D
=0D
July, 11 2006=0D
=0D
Product:=0D
--------=0D
=0D
Fantastic Guestbook v2.0.1=0D
=0D
Vendor:=0D
-------=0D
=0D
http://fscripts.com/=0D 
=0D
Description:=0D
------------=0D
=0D
Fantastic GuestBook version 2.0.1 is simple GuestBook; where remote user without authentication can post their own message.=0D
No authentication is required! Every body can post message.=0D
=0D
Exploit(s) / Vulnerability(ies):=0D
--------------------------------=0D
=0D
Fantastic GuestBook version 2.0.1 is affected by a Remote XSS Vulnerability. =0D
Some variables are not properly sanitized before being used. =0D
Here you will find the variables not properly sanitized:=0D
=0D
[...]=0D
'first_name'=>$_POST['first_name'],=0D
=0D
'last_name'=>$_POST['last_name'],=0D
'nickname'=>$_POST['nickname'],=0D
=0D
[...]=0D
=0D
PoC(s):=0D
-------=0D
=0D
If a malicious people go into the sign in form and put in the fields First Name, Last Name and Nick Name a code like this:=0D
=0D
=0D
=0D
When you load the page http://127.0.0.1/[path]/guestbook.php or you read the messages of the guestbook you will se a pop-up that "say" 'XSS'.=0D 
=0D
Vendor Status:=0D
--------------=0D
=0D
July, 2006/11 - Not Informed!=0D
=0D
Solution:=0D
---------=0D
=0D
At the moment (July, 2006/11) there are no solutions from the vendor. If you want to make sure the code and your GuestBook you have to sanitize the variables:=0D
firs_name=0D
last_name=0D
nick_name=0D
=0D
Credits:=0D
--------=0D
=0D
omnipresent=0D
omnipresent[at]email[dot]it=0D
http://it.security.netsons.org=0D 
=0D
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH