Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJesper JurcenoksPACKETSTORM:53742
HistoryJan 18, 2007 - 12:00 a.m.

netvigilance-sa10.txt

2007-01-1800:00:00
Jesper Jurcenoks
packetstormsecurity.com
26

0.019 Low

EPSS

Percentile

87.2%

JSON
`netVigilance Security Advisory #10  
  
dt_guestbook version 1.0f XSS vulnerability   
  
Description:  
dt_guestbook is a fully-featured message board system with admin interface. Due to program flaws it is possible for the remote attacker to conduct XSS attacks.  
The remote attacker can convince the victim to open a specially crafted link that is a trusted guestbook server and execute arbitrary code in the userΒ’s browser session.  
  
External References:   
Mitre CVE: CVE-2006-6487 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6487   
NVD NIST: CVE-2006-6487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6487  
OSVDB: 30787 http://www.osvdb.com/displayvuln.php?osvdb_id=30787  
  
Summary:   
dt_guestbook a fully-featured message board system with admin interface.   
A security problem in the product allows attackers to conduct XSS attacks.   
This vulnerability can be exploited only when PHP register_globals is On.  
  
Release Date:  
  
  
Severity:  
Risk: Medium  
  
CVSS Metrics  
Access Vector: Remote  
Access Complexity: High  
Authentication: not-required  
Confidentiality Impact: Partial  
Integrity Impact: Partial  
Availability Impact: Partial  
Impact Bias: Normal  
CVSS Base Score: 5.6  
  
Target Distribution on Internet: Low  
  
Exploitability: Functional Exploit  
Remediation Level: Workaround  
Report Confidence: Uncorroborated  
  
Vulnerability Impact: Attack  
Host Impact: cross-site scripting.  
  
  
SecureScout Testcase ID:  
TC 17940  
  
  
Vulnerable Systems:  
dt_guestbook 1.0f.  
  
Vulnerability Type:  
XSS (Cross-Site Scripting) to force a web-site to display malicious contents to the target, by sending a specially crafted request to the web-site. The vulnerable web-site is not the target of attack but is used as a tool for the hacker in the attack of the victim.  
  
Vendor Status: Author Alexander Fedorov was notified on Dec 8 2006 and agreed to correct the XSS in his product. He has failed to respond to emails or Chat since Dec 8 2006.  
.  
Solution: Patch Possibly Pending from Vendor, please check http://fedorov.vitalain.ru for updates.  
.  
Workaround:  
Set PHP register_globals to Off.  
Example:   
HTTP REQUEST http://[TARGET]/[dt_guestbook_v1-directory]/index.php?submit=1&error[]=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
REPLY  
...  
will execute <script>alert(document.cookie)</script>  
...   
  
Advisory URL: http://www.netvigilance.com/advisory0009   
  
Credits:   
Jesper Jurcenoks  
Co-founder netVigilance, Inc  
www.netvigilance.com  
`

Related

securityvulns 2
cve 1
securityvulns
securityvulns
dt_guestbook version 1.0f XSS vulnerability
2007-01-17 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-01-17 00:00:00
cve
cve
CVE-2006-6487
2007-01-16 19:28:00

0.019 Low

EPSS

Percentile

87.2%

JSON
Related for PACKETSTORM:53742
securityvulns2cve1