Bug: [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting (WLB-2006080008 Ascii Version)

English Version
WLB2

CVE WLB2

WLB2
Full List
Bugs
Bogus
Tricks
Exploits
CVE MAP
Full List
Vendors
Products
Tools
CWE Dictionary
Google Hacking
Search
General
CVE
CWE
RSS
Full List
Bugs
Exploits
Dorks
Information
Our services
Add note
About
Submit

To add a note,

use this form

or send email to

submit@cxsecurity.com

When contacting via email, we recommend coded messages.

Get our PGP public key

 Topic: [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting
 Credit: admin majorsecurity
 Date: 2006.08.01
 CWE: CWE-79 (Show similar)
 CVE: CVE-2006-3923 (Show details)

Use CVE to see details like:
- CVSS2,
- Affected Software,
- References

Risk
Local
Remote
Low
No
Yes

[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting

------------------------------------------------------------------------
----------------

Software: Fire-Mouse TopList v1.1

Version: 1.1

Type: Cross site scripting

Vendor: Fire-Mouse.com

Page: http://www.fire-mouse.com

TIMELINE:

----------------------------------------------

Discovered: July, 17th 2006

Contacted Vendor: July, 18th 2006

Made public: July, 22th 2006

Credits:

----------------------------------------------

Discovered by: David Vieira-Kurz

http://www.majorsecurity.de

Original Advisory:

----------------------------------------------

http://www.majorsecurity.de/advisory/major_rls24.txt

Affected Products:

----------------------------------------------

Fire-Mouse TopList v1.1 and prior

Description:

----------------------------------------------

Advanced Guestbook is a PHP-based guestbook script.

It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning ,

html tags handling, smilies, advanced guestbook codes and language support.

The admin script lets you modify, view, and delete messages. Requires PHP4 and MySQL.

Requirements:

----------------------------------------------

register_globals = On

Vulnerabilities:

----------------------------------------------

XSS:

Input passed directly to the "Seitenname" parameter in "add.php" is not properly sanitised before
being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected
site.

It works with a script code like this:

>'><script>alert('MajorSecurity')</script>

Solution:

----------------------------------------------

Edit the source code to ensure that input is properly sanitised.

You should work with "htmlspecialchars()" or "htmlentities()" php-function to ensure that html tags

are not going to be executed.

Example:

<?php

$pass = htmlentities($_POST['pass']);

echo htmlspecialchars("<script");

?>

Set "register_globals" to "Off".

[ ASCII VERSION ]
Copyright 2012, cxsecurity.com