
Orplex guestbook script injection. CGI:



----- Original Message ----- 
From: "drG4njubas" <drG4nj@mail.ru>
To: <bugtraq@securityfocus.com>
Sent: Monday, April 07, 2003 1:01 AM
Subject: Orplex guestbook script injection.


> This advisory and other useful files can
> be found at http://www.blacktigerz.org
> 
> 
> Date:
> 07.04.2003
> 
> Subject:
> Orplex guestbook script injection.
> 
> Description:
> Free ASP guestbook. Main features are: inserting 
> smiles as icons; web-based administration; bad word 
> filtering.
> 
> Vendor:
> Orplex consulting inc.
> http://www.orplex.com
> 
> Vulnerability:
> addentry.asp neglects filtering user input, allowing 
> for script injection to the guestbook via "Name" 
> and "Massage" fields. The injected script will be 
> executed in the browser of anyone who visits the guestbook.
> 
> 
> Black Tigerz Research Group
> We are:Areus,Barracuda,n1Tr0f4n,Velzevol,drG4njubas.
> Please visit our website: http://www.blacktigerz.org 
> 
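
The behaviour reported above is closed by HTML-encoding both user-supplied fields when the guestbook page is rendered. The following is an added example, not code from the advisory or from Orplex: the entry shape, function names and sample submission are constructed assumptions, and JavaScript stands in for the original ASP.

```javascript
// Added example: hypothetical guestbook renderer, not Orplex code.
// The five HTML-significant characters are encoded so that stored field
// values are displayed as text and never parsed as markup.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": mirrors what the advisory describes, fields written out unfiltered.
function renderEntryUnsafe(entry) {
  return `<div class="entry"><b>${entry.name}</b><p>${entry.message}</p></div>`;
}

// "After": both user-controlled fields are encoded at output time.
function renderEntrySafe(entry) {
  return `<div class="entry"><b>${htmlEncode(entry.name)}</b><p>${htmlEncode(entry.message)}</p></div>`;
}

// Input-side hygiene before storing: drop control characters, trim, bound length.
// This complements output encoding; it does not replace it.
function normalizeField(value, maxLen) {
  return String(value)
    .replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F]/g, '')
    .trim()
    .slice(0, maxLen);
}

// Render a whole guestbook page body from stored entries.
function renderGuestbook(entries) {
  return entries.map(renderEntrySafe).join('\n');
}

// Constructed sample submission (harmless test markup in both fields).
const sample = {
  name: '<script>alert(1)</script>',
  message: 'Nice site <img src=x onerror=alert(2)> & "thanks"',
};

console.log('unsafe:', renderEntryUnsafe(sample));
console.log('safe:  ', renderEntrySafe(sample));
```

Encoding at output time also neutralizes entries that were stored before the fix was deployed, which input filtering alone cannot do.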
