|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 2663 CVE : CVE-2007-0605 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : No Exploit Available : Yes Credit : netvigilance Published : 12.05.2007
Advisory Content : netVigilance Security Advisory #12 Advanced Guestbook version 2.4.2 Multiple XSS Attack Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handling, smiles, advanced guestbook codes and language support. The admin script lets you modify, view, and delete messages. Requires PHP4 and MySQL. External References: Mitre CVE: CVE-2007-0605 NVD NIST: CVE-2007-0605 OSVDB: 33877 Summary: Advanced Guestbook is a PHP-based guestbook with admin interface. Security problems in the product allows attackers to conduct XSS attacks This vulnerabilities can be exploited only when PHP register_globals is On. Advisory URL: http://www.netvigilance.com/advisory0012 Release Date: 05/07/2007 Severity: Risk: Medium CVSS Metrics Access Vector: Remote Access Complexity: High Authentication: not-required Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial Impact Bias: Normal CVSS Base Score: 5.6 Target Distribution on Internet: Low Exploitability: Functional Exploit Remediation Level: Workaround Report Confidence: Uncorroborated Vulnerability Impact: Attack Host Impact: XSS Attack SecureScout Testcase ID: Vulnerable Systems: Advanced Guestbook 2.4.2 Vulnerability Type: XSS (Cross-Site Scripting) to force a web-site to display malicious contents to the target, by sending a specially crafted request to the web-site. The vulnerable web-site is not the target of attack but is used as a tool for the hacker in the attack of the victim. Vendor Status: Contact with the Vendor was established but draft of the security advisory wasn't provided because the Vendor stopped responding to our emails on 9 March 2007. There is no official fix at the release of this Security Advisory Workaround: Set PHP register_globals to Off. Example: XSS Attack Vulnerability 1: REQUEST: http://[TARGET]/[guestbook-directory]/picture.php?size[0]=1&size[1]=1&im g=1&picture=%22%3E%3Cscript%3Ealert(%22ok%22)%3C/script%3E%3Cimg%20src=% 22 REPLY: Will execute <script>alert(document.cookie)</script> XSS Attack Vulnerability 2: The remote attacker can avoid the .htaccess file protection and run any script or view the contents of the templates. Set in the COOKIES variable lang = "../[name of the script without php extension]" for example "../lib/admin.class" REQUEST: http://[TARGET]/[guestbook-directory]/index.php REPLY: The Server will execute the script Credits: Jesper Jurcenoks Co-founder netVigilance, Inc www.netvigilance.com  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |