MCG GuestBook 1.0 Cross Site Scripting

2010-11-24T00:00:00
ID PACKETSTORM:96101
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2010-11-24T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
Multiple XSS in MCG GuestBook  
Summary: http://evuln.com/vulns/144/summary.html   
Details: http://evuln.com/vulns/144/description.html   
  
-----------Summary-----------  
eVuln ID: EV0144  
Software: MCG GuestBook  
Vendor: Mrcgiguy  
Version: 1.0  
Critical Level: low  
Type: Cross Site Scripting  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
--------Description--------  
All vulnerabilities found in gb.cgi script. It doesn't have proper XSS sanitation filters.  
  
XSS vulnerable parameters:  
  
* name  
* email  
* website  
* message  
  
All these parameters are not sanitized.   
This can be used to insert any html or script code.   
Admin panel is vulnerable also  
--------PoC/Exploit--------  
  
XSS poc code  
All form parameters dont pass any XSS sanitation filters.  
  
XSS Examples.   
Parameter "name": <script>alert('XSS Vuln')</script>   
Parameter "email": "<script>alert('Vulnerable')</script>   
Parameter "website": "<script>alert('Vulnerable')</script>   
Parameter "message": <script>alert('XSS Vuln')</script>  
  
---------Solution----------  
Not available  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/tool/php-security.html - online php source analyzer.  
`