SecurityReason.com - Our Reason is Security


Topic : MicroGuestBook Remote XSS Attack

SecurityAlert : 1285
CVE : CVE-2006-3852
SecurityRisk : Low
Remote Exploit : Yes
Local Exploit : No
Exploit Available : Yes
Credit : omnipresent
Published : 27.07.2006

Affected Software : MicroGuestBook Latest Version

Advisory Content :

.:. MicroGuestBook Remote XSS Bug .:.

Date:
-----
July 22, 2006

Product:
--------
MicroGuestBook Latest Version

Vendor:
-------
http://www.phptoys.com

Description:
------------
Micro guestbook is a MySQL based guestbook script with a CSS based
attractive interface. It can store the name, date, message, location,
web and email information of the visitor.

Exploit(s)/Advisory(ies):
-------------------------
The application is vulnerable to a remote (stored) XSS bug. The fields
'name' and 'comment' are written to the database by add.php and echoed
back by index.php without any sanitisation or output escaping, so a
malicious visitor can inject arbitrary HTML and script code that runs in
the browser of every user who views the guestbook. The index.php excerpt
below also echoes 'location', 'web' and 'email' unescaped, so those
fields need the same treatment.

If you look at the code in add.php you can see:

[...]
if (isset($_POST['submitBtn'])) {
    $name     = (isset($_POST['name']))     ? $_POST['name']     : '' ;
    $comment  = (isset($_POST['comment']))  ? $_POST['comment']  : '' ;
    $location = (isset($_POST['location'])) ? $_POST['location'] : '' ;
    $website  = (isset($_POST['website']))  ? $_POST['website']  : '' ;
    $email    = (isset($_POST['email']))    ? $_POST['email']    : '' ;
    $actDate  = date("Y-m-d H:i:s");

    //Minimum name and comment length.
    if ((strlen($name) > 2) && (strlen($comment) > 5)){
        $sql = "INSERT INTO guestbook (name,text,insertdate,location,web,email) VALUES (";
        $sql .= "'".$name."','".$comment."','".$actDate."','".$location."','".$website."','".$email."')";
        $MyDb->f_ExecuteSql($sql);
[...]

And in index.php you will see:

[...]
<div id="name"><?php echo $row['name']; ?></div>
<div id="info">
    <div id="infoicons">
    <?php
        if (strlen($row['web']) > 5)   echo '<a href="http://'.$row['web'].'"><img src="style/www.gif"></a>';
        if (strlen($row['email']) > 5) echo '<a href="mailto:'.$row['email'].'"><img src="style/mail.gif"></a>';
    ?>
    </div>
    <div id="infodate"><?php echo $row['insertdate']; ?></div>
</div>
</div>
<div id="base">
    <div id="icon"><?php echo $row['location']; ?></div>
    <div id="text"><?php echo nl2br($row['text']); ?></div>
[...]

PoC(s):
-------
You can put your own HTML or script code in the field name or comment.
Try:

<script>alert("XSS")</script>

Vendor Status:
--------------
[July 22, 2006] Vendor contacted!

Patches:
--------
[July 22, 2006] At the moment there is no patch available from the vendor.
Check the vendor site to see whether a patch has been posted:

http://www.phptoys.com

If you don't want to wait, edit the source code so that every stored
value is escaped for HTML at output time (htmlspecialchars() in
index.php) rather than trusting whatever was submitted to add.php.
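As an added example (not code from the original advisory or from
MicroGuestBook), the following PHP shows the output sites from index.php
first as the advisory presents them and then escaped and validated for
the context each value lands in, plus a prepared-statement version of the
add.php INSERT so that the same unchecked fields do not reach the SQL
layer by string concatenation either. The function names, the $pdo
connection and the sample row are assumptions made for this example; the
column and field names are the ones in the advisory's code.

```php
<?php
// Added example, not part of MicroGuestBook or of the original advisory.
declare(strict_types=1);

// Output encoding for text between tags and inside quoted attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable rendering, equivalent to the echo calls shown in index.php.
function render_entry_vulnerable(array $row): string
{
    $out  = '<div id="name">' . $row['name'] . '</div>';
    if (strlen($row['web']) > 5) {
        $out .= '<a href="http://' . $row['web'] . '"><img src="style/www.gif"></a>';
    }
    if (strlen($row['email']) > 5) {
        $out .= '<a href="mailto:' . $row['email'] . '"><img src="style/mail.gif"></a>';
    }
    $out .= '<div id="icon">' . $row['location'] . '</div>';
    $out .= '<div id="text">' . nl2br($row['text']) . '</div>';
    return $out;
}

// Hardened rendering: every stored value is escaped at output time, and the
// two values that end up inside href attributes are additionally validated
// so that a quote or a stray scheme cannot change the link target.
function render_entry_safe(array $row): string
{
    $out  = '<div id="name">' . h($row['name']) . '</div>';

    // Only a plain host[/path] is accepted after the fixed http:// prefix.
    if (preg_match('~^[A-Za-z0-9.-]+(?:/[A-Za-z0-9._~/-]*)?$~', $row['web'])) {
        $out .= '<a href="http://' . h($row['web']) . '"><img src="style/www.gif"></a>';
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) !== false) {
        $out .= '<a href="mailto:' . h($row['email']) . '"><img src="style/mail.gif"></a>';
    }
    $out .= '<div id="icon">' . h($row['location']) . '</div>';
    // Escape first, then add <br>, so line breaks survive but nothing else does.
    $out .= '<div id="text">' . nl2br(h($row['text'])) . '</div>';
    return $out;
}

// Hardened insert for add.php: a prepared statement instead of string
// concatenation. $pdo is assumed to be a PDO connection to the database
// holding the guestbook table named in the advisory's INSERT.
function insert_entry_safe(PDO $pdo, array $fields): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO guestbook (name, text, insertdate, location, web, email)
         VALUES (:name, :text, :insertdate, :location, :web, :email)'
    );
    $stmt->execute([
        ':name'       => $fields['name'],
        ':text'       => $fields['comment'],
        ':insertdate' => date('Y-m-d H:i:s'),
        ':location'   => $fields['location'],
        ':web'        => $fields['website'],
        ':email'      => $fields['email'],
    ]);
}

// Constructed sample row carrying the advisory's PoC payload plus attribute
// break-outs for the two href contexts.
$row = [
    'name'       => '<script>alert("XSS")</script>',
    'text'       => "hello\n<img src=x onerror=alert(1)>",
    'location'   => '<b>nowhere</b>',
    'web'        => 'example.com"><script>alert(2)</script>',
    'email'      => '"><script>alert(3)</script>@example.com',
    'insertdate' => '2006-07-22 00:00:00',
];

echo "vulnerable:\n", render_entry_vulnerable($row), "\n\n";
echo "hardened:\n",   render_entry_safe($row),       "\n";
```

Run it with php from the command line: the first block reproduces the raw
<script> tags exactly as index.php would send them, the second shows them
as &lt;script&gt; text, and the two malformed link values are dropped
rather than rendered, because escaping alone would keep a broken but
harmless href while validation keeps the intended link shape.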

Credits:
--------
omnipresent
omnipresent[at]email[dot]it
http://it.security.netsons.org




