XSS Vulnerability in Guest-book script powered by Community Architect

2006-04-19T00:00:00
ID SECURITYVULNS:DOC:12320
Type securityvulns
Reporter Securityvulns
Modified 2006-04-19T00:00:00

Description

[This document is best seen with Font: Verdana Size: 9pt]

Advisory Name

XSS Vulnerability in Guest-book script powered by Community Architect

Vulnerable Systems

Sites providing web-hosting service powered by Community Architect.

Found By

Susam Pal

Found On

4th April, 2006

Vulnerability Type

Cross Site Scripting (XSS)

Action Taken

Reported to 20m.com (20m.com is one of the sites powered by Community Architect)

Response

20m.com fixed the vulnerability on 10th April, 2006

System Description

Many web-hosting sites powered by Community Architect offer free as well as paid services to those who want to host a website on their servers. They offer customized Guest-book input form page (http://www.vulnerablesite.com/fsguest.html), Guest-book page (http://www.vulnerablesite.com/fsguestbook.html) along with ready-made script (http://www.vulnerablesite.com/cgi-bin/guest) to the web-designer designing a website on their servers.

A person visiting the website signs the guest-book by filling up the form in http://www.vulnerablesite.com/fsguest.html. On submission, the inputs are submitted to the script, http://www.vulnerablesite.com/cgi-bin/guest on the server. The script processes the input and updates the page, http://www.vulnerablesite.com/fsguestbook.html to reflect the new message submitted by the user.

Vulnerability Description

The script, http://www.vulnerablesite.com/cgi-bin/guest, is vulnerable to XSS since it doesn't validate the input for the presence of HTML tags. As a result HTML tags & JavaScript codes entered as input in the form of http://www.vulnerablesite.com/fsguest.html become a part of the HTML code of http://www.vulnerablesite.com/fsguestbook.html and hence it is executed by the browser when any user visits the page.

It provides the attacker an opportunity to inject HTML formatting elements to tamper with the display of the page or inject JavaScript code to trouble the user visiting this page.

Contact Information

For more information, please contact:-

Susam Pal, Infosys Technologies Ltd. Survey No. 210, Manikonda Village Lingampally, Rangareddy District Hyderabad, PIN 500019 India Phone No.: +91-99859521

Email: susam.pal@gmail.com