GuppY Cookie 7th Parameter Execute Arbitrary Script

2003-10-25T00:00:00
ID OSVDB:3197
Type osvdb
Reporter OSVDB
Modified 2003-10-25T00:00:00

Description

Vulnerability Description

GuppY contains a flaw that allows a remote user to include arbitrary HTML or script on messages and postings. The flaw is due to the GuppYUser cookie's seventh paramter. The contents of this field are displayed on messages and posting and it does no sanity check on the content.

Solution Description

Upgrade to version 2.4p4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

GuppY contains a flaw that allows a remote user to include arbitrary HTML or script on messages and postings. The flaw is due to the GuppYUser cookie's seventh paramter. The contents of this field are displayed on messages and posting and it does no sanity check on the content.

Manual Testing Notes

  • With a cookie named "GuppYUser" and with the value : fr||[NICK]||[MAIL]||LR||||on||<br style="background:url('javascript:[SCRIPT]')">,

If you send a message (forum, guestbook,...) the javascript is executed.

References:

Secunia Advisory ID:9946 Related OSVDB ID: 3196 Related OSVDB ID: 3198 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-10/0077.html