XSS Vulnerability in Guest-book script powered by Community Architect
[This document is best seen with Font: Verdana Size: 9pt]
Advisory Name
=============
XSS Vulnerability in Guest-book script powered by Community Architect

Vulnerable Systems
==================
Sites providing web-hosting service powered by Community Architect.

Found By
========
Susam Pal

Found On
========
4th April, 2006

Vulnerability Type
==================
Cross Site Scripting (XSS)

Action Taken
============
Reported to 20m.com (20m.com is one of the sites powered by Community Architect)

Response
========
20m.com fixed the vulnerability on 10th April, 2006

System Description
==================
Many web-hosting sites powered by Community Architect offer free as well as
paid services to those who want to host a website on their servers. To the
web-designer building a site on their servers they provide a customizable
Guest-book input form page (http://www.vulnerablesite.com/fsguest.html), a
Guest-book page (http://www.vulnerablesite.com/fsguestbook.html), and a
ready-made script (http://www.vulnerablesite.com/cgi-bin/guest) that ties the
two together.
A person visiting the website signs the guest-book by filling in the form at
http://www.vulnerablesite.com/fsguest.html. On submission, the input is sent to
the script, http://www.vulnerablesite.com/cgi-bin/guest, on the server. The
script processes the input and updates the page
http://www.vulnerablesite.com/fsguestbook.html to show the new message
submitted by the user.

Vulnerability Description
=========================
The script, http://www.vulnerablesite.com/cgi-bin/guest, is vulnerable to XSS
because it does not validate the input for the presence of HTML tags. As a
result, HTML tags and JavaScript entered into the form at
http://www.vulnerablesite.com/fsguest.html become part of the HTML of
http://www.vulnerablesite.com/fsguestbook.html and are therefore executed by
the browser of every user who visits that page. Because the injected content
is stored in the page, it affects all subsequent visitors, not just the person
who submitted it.
This gives an attacker the opportunity to inject HTML formatting elements to
tamper with the display of the page, or to inject JavaScript that runs in the
browser of any user visiting the page.
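The following Python example is added here to illustrate the flaw described above and its fix; it is not the Community Architect script (whose language and source are not given in this advisory). It assumes a guest-book entry is a name plus a message, interpolated into an HTML fragment the way the description says fsguestbook.html is updated. The sample entries are constructed.

```python
import html
import re

# Constructed sample guest-book submissions (not taken from the advisory).
# The second one carries markup, as an unvalidated submission could.
SAMPLE_ENTRIES = [
    {"name": "Alice", "message": "Nice site!"},
    {"name": "<b>Mallory</b>", "message": "Hi <script>alert(1)</script>"},
]

# Hypothetical fragment appended to the guest-book page for each entry.
ENTRY_TEMPLATE = "<p><b>{name}</b> wrote:<br>{message}</p>"

# Rough test for anything that looks like an HTML tag in a field.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def render_entry_unsafe(entry):
    """Mimics the advisory's flaw: submitted fields are placed into the
    page verbatim, so any tag in them becomes part of the page's HTML."""
    return ENTRY_TEMPLATE.format(**entry)


def render_entry_safe(entry):
    """Hardened version: every user-supplied field is HTML-escaped before
    it is written into the page, so '<' becomes '&lt;' and the browser
    displays the text instead of interpreting it as markup."""
    return ENTRY_TEMPLATE.format(
        name=html.escape(entry["name"], quote=True),
        message=html.escape(entry["message"], quote=True),
    )


def contains_markup(entry):
    """Server-side check in the spirit of 'validate the input for the
    presence of HTML tags'. Output escaping is the primary defence; this
    only helps log or reject suspicious submissions."""
    return any(TAG_RE.search(value) for value in entry.values())


def build_guestbook(entries, safe=True):
    """Render the whole guest-book page body with either variant."""
    render = render_entry_safe if safe else render_entry_unsafe
    return "\n".join(render(entry) for entry in entries)


if __name__ == "__main__":
    print(build_guestbook(SAMPLE_ENTRIES, safe=False))
    print(build_guestbook(SAMPLE_ENTRIES, safe=True))
```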

Contact Information
===================
For more information, please contact:
Susam Pal,
Infosys Technologies Ltd.
Survey No. 210, Manikonda Village
Lingampally, Rangareddy District
Hyderabad, PIN 500019
India
Phone No.: +91-99859521
Email: susam.pal@xxxxxxxxx