[Full-disclosure] SimpBook "message" Remote Cross-Site Scripting Vulnerability

2006-01-07T00:00:00
ID SECURITYVULNS:DOC:10926
Type securityvulns
Reporter Securityvulns
Modified 2006-01-07T00:00:00

Description

Advisory #5 Title: SimpBook "message" Remote Cross-Site Scripting Vulnerability

Author: 0o_zeus_o0

Contact: zeus@diosdelared.com

Website: Elitemexico.org

Date: 05/01/2006

Risk: High

Vendor Url: http://codegrrl.com/scripts/simpbook/

Affected Software: SimpBook

Non Affected:

We Are: olimpus klan team

TECHNICAL INFO

================================================================

An input validation vulnerability has been reported in SimpBook, which can be exploited by remote users to conduct cross-site scripting attacks.

User-supplied input passed to the "message" field isn't sanitised before being stored in the guestbook. This can be exploited to execute arbitrary script code in the security context of an affected website. As a result, the code will be able to access any of the target user's cookies, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Successful exploitation requires that "html_enable" is set to "on" in "config.php". This is set to "on" in the default installation.

Solution:

Set "html_enable" to "off" in "config.php" or edit the source code to ensure that input is properly sanitised.
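Added example, not part of the advisory and not SimpBook's own code: a hypothetical PHP rendering routine that contrasts echoing a stored "message" as markup with encoding it on output. The function names and the boolean standing in for "html_enable" are assumptions, and the sample entries are constructed.

```php
<?php
// Hypothetical guestbook rendering, written for illustration only.
// $htmlEnable models the "html_enable" switch named in the advisory;
// how SimpBook itself applies that switch is not shown on this page.

function render_message_unsafe(string $message): string
{
    // Stored text is emitted as markup: any tag in it becomes live HTML.
    return '<div class="entry">' . nl2br($message) . '</div>';
}

function render_message_safe(string $message): string
{
    // Encode on output so <, >, &, " and ' are displayed, never parsed.
    // ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
    $encoded = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // nl2br runs after encoding, so its <br /> tags are the only markup added.
    return '<div class="entry">' . nl2br($encoded) . '</div>';
}

function render_message(string $message, bool $htmlEnable): string
{
    return $htmlEnable
        ? render_message_unsafe($message)
        : render_message_safe($message);
}

// Constructed sample guestbook entries.
$samples = [
    "Nice site!\nSee you soon.",
    '<script>alert(1)</script>',
    '<img src=x onerror="alert(1)">',
];

foreach ([true, false] as $htmlEnable) {
    echo 'html_enable = ', $htmlEnable ? 'on' : 'off', PHP_EOL;
    foreach ($samples as $message) {
        echo '  ', render_message($message, $htmlEnable), PHP_EOL;
    }
}
```

With the switch on, the second and third entries reach the page as active markup; with it off they are rendered as inert text such as `&lt;script&gt;alert(1)&lt;/script&gt;`.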

VULNERABLE VERSIONS

================================================================

SimpBook version 1.0. Other versions may also be affected.

================================================================

Contact information

0o_zeus_o0

zeus@diosdelared.com

www.olimpusklan.org

================================================================

greetz: lady fire, fraude, xoxo, El_Mesias