SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

G-Book 1.0 XSS And Other Vulnerabilities


Arrow  SecurityAlert : 634
Arrow  CVE : CVE-2006-1398
Arrow  SecurityRisk : Low  Security Risk Low  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Exploit Available : Yes
Arrow  Credit : matrix_killer
Arrow  Published : 28.03.2006

Arrow  Affected Software : G-Book 1.0



Arrow  Advisory Content :  

------------------------------------------------------
HYSA-2006-006 h4cky0u.org Advisory 015
------------------------------------------------------
Date - Mon March 27 2006

TITLE:
======

G-Book 1.0 XSS, Possible authentication bypass & mass message flood

SEVERITY:
=========

High

SOFTWARE:
=========

G-Book 1.0

Support Website - http://www.6al.net/six/

INFO:
=====

G-book is extremely simple to customize and publish. There is no need for a
MySQL Database. The script incorporates features

such as administration panel, MESSAGE APPROVAL, smilies, divided posts by
pages etc. Its graphics can be altered effortlessly

through the CSS file. In addition, G-book supports multiple languages.

DESCRIPTION:
============

G-Book 1.0 is vulnerable to a XSS attack and you can also get admin access
to the guestbook if the user hasn't deleted his

cookie.

--==XSS==--

In the message board post a message with something like this:

<script>alert();</script>

Another bug in G-Book is that a user can post as many messages as he wants
to.

FIX:
====

htmlspecialchars + a logout button which will destroy the cookies and post
cotrol.

VENDOR RESPONSE:
================

Bug will be fixed in the next version.

CREDITS:
========

- This vulnerability was discovered and researched by matrix_killer of
h4cky0u Security Forums -

mail : matrix_k at abv.bg

web : http://www.h4cky0u.org

- Co-Researcher -

h4cky0u of h4cky0u Security Forums.

mail : h4cky0u at gmail.com

web : http://www.h4cky0u.org

Greets to all omega-team members + krassswr,EcLiPsE and all who support us
!!!

ORIGINAL ADVISORY:
==================

http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...
Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration
PHP RSS PHP Alert

» PHP 5.2.12/5.3.1
   session.save_path
   safe_mode and
   open_basedir bypass

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass
Copyright © SecurityReason.com. All Rights Reserved.