Guesbook Pro XSS & HTML Injection

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, news@xxxxxxxxxxxxxx, sec@xxxxxxxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, submissions@xxxxxxxxxxxxxxxxxxxxxxx, vuln@xxxxxxxxxxx, alerts_advisories@xxxxxxxxxxxxxxxx
Subject: Guesbook Pro XSS & HTML Injection
From: SoulBlack Group <soulblacktm@xxxxxxxxx>
Date: Tue, 10 May 2005 21:36:58 -0300
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=FrSRvEJcmg+wBmO3G43v8eyg+gkWYBc98OKOA96/hA9jfxFWfTVDJyyEFuK97r4VtAoly3x0GVioydtOMTozb480Leh4Vcg9mMjM96d/AsNS/iHnvcd1jBYCOfAP5xS9ua6kMQnHWU8LqW2xpLJy2Ee9UYphToiYBlOmIahwesU=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: SoulBlack Group <soulblacktm@xxxxxxxxx>

============================================================

============================================================
Title: Guestbook PRO
Vulnerability discovery: SoulBlack - Security Research -
http://soulblack.com.ar
Date: 10/05/2005
Severity: Medium. defacement website
Affected version:  <= v3.2.1
vendor: PixySOft.
============================================================

============================================================

* Summary *

Guestbook PRO is an advanced guestbook for WebApp.

------------------------------------------------------------------------------------------------------------------------

* Problem Description *

A new vulnerability is in the content and title of msg, when not controlling the
entrance of  characters, being able to inject HTML code.

------------------------------------------------------------------------------------------------------------------------

* Example *

Type in the title or content of msg

<script>alert(document.cookie)</script>

<iframe src=http://othersite/sb.php>

------------------------------------------------------------------------------------------------------------------------

* Fix *

Contact the Vendor.

------------------------------------------------------------------------------------------------------------------------

* References *

http://www.soulblack.com.ar/repo/papers/guesbookpro_advisory.txt

------------------------------------------------------------------------------------------------------------------------

* Credits *

Vulnerability reported by SoulBlack Security Research

============================================================

--
SoulBlack - Security Research
http://www.soulblack.com.ar

Prev by Date: Re: TCP/IP implementations do not adequately validate ICMP error messages
Next by Date: Ethereal <= 0.10.10 SIP dissector stack overflow DoS exploit
Previous by thread: Re: Commonly used disk imaging and wiping tools can be tricked to miss parts of a disk
Next by thread: Ethereal <= 0.10.10 SIP dissector stack overflow DoS exploit
Index(es):
- Date
- Thread