GuppY ptxt parameter Include Arbitrary Script

2003-10-25T00:00:00
ID OSVDB:3196
Type osvdb
Reporter OSVDB
Modified 2003-10-25T00:00:00

Description

Vulnerability Description

GuppY contains a flaw that allows a remote attacker to bypass the input filter and execute arbitrary HTML or scripting. The flaw is due to the "ptxt" parameter not sanitizing input and allowing "[]" instead of "<>".

Solution Description

Upgrade to version 2.4p4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

GuppY contains a flaw that allows a remote attacker to bypass the input filter and execute arbitrary HTML or scripting. The flaw is due to the "ptxt" parameter not sanitizing input and allowing "[]" instead of "<>".

Manual Testing Notes

  • [l]" style="background:url('javascript:[SCRIPT]');visibility:hidden;[/l]
  • [l][l] style=list-style:url(javascript:[SCRIPT]) truc=[/l][/l]

References:

Vendor URL: http://www.freeguppy.org/ Vendor Specific Solution URL: http://www.freeguppy.org/download.php?lng=en Secunia Advisory ID:9946 Related OSVDB ID: 3197 Related OSVDB ID: 3198 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0077.html