Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Levcgi.coms MyGuestbook JavaScript Injection Vulnerability
From: "BrainRawt ." <brainrawt () hotmail com>
Date: Tue, 30 Apr 2002 21:45:25 +0000

 ___________    ____________    ____  __  ___    ______________
|\    ____  \  |\    ____   \  |\   \|\ \|\  \  |\_____    ____\
| \   \__|\  \ | \   \__|\   \ | \   \ \ \ \  \ | |   |\   \   |
\  \    ___   | \ \    ____   \ \ \   \_| \_|  \ \|___| \   \__|
 \  \   \_|\  \_ \ \   \__|\   \ \ \      _     \      \ \   \
  \  \   \\ \   \ \ \   \ \ \   \ \ \     |\ http://rawt.daemon.sh
   \  \___\\ \___\ \ \___\ \ \___\ \ \____| \_____\      \ \___\
    \ |   | \ |   | \ |   | \ |   | \ |   |\ |    |       \ |   |
     \|___|  \|___|  \|___|  \|___|  \|___| \|____|        \|___|


Levcgi.coms MyGuestbook JavaScript Injection Vulnerability
Discovered By BrainRawt (brainrawt () hotmail com)

About MyGuestbook:
------------------
Highly customizable guestbook that was released on Feb. 20, 2002, and
can be downloaded at http://www.levcgi.com/programs.cgi?program=myguestbook

According to the website, ...myGuestbook has been downloaded 1298 times!

Vulnerable (tested) Versions:
--------------------
MyGuestbook v 1.0

Vendor Contact:
----------------
4-28-02 - Emailed lev () taintedthoughts com

4-30-02 - No Reply from the author and I have decided not to wait since I
          never got a reply about another concern i had several months ago
          involving one of his cgi scripts.

Vulnerability:
----------------
myguestbook inproperly filters input to the guestbook making the guestbook
prone to cross-site scripting attacks by malicious visitors to the site. This could be a medium to high concern when mixed with a website that uses cookies. 

Exploit (POC):
----------------
Sign up and post using the "name" <script>alert('evil+java+script+here')</script> 

or
When posting comments just insert the <script>alert('evil+java+script+here')</script> 
to the comments field.


--------------------------------------------------------------------------
Knowledge is Power! How Powerful are you? - BrainRawt



_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

  By Date           By Thread  

Current thread:
  • Levcgi.coms MyGuestbook JavaScript Injection Vulnerability BrainRawt . (Apr 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]