Levcgi.com's MyGuestbook JavaScript Injection Vulnerability

2002-05-03T00:00:00
ID SECURITYVULNS:DOC:2888
Type securityvulns
Reporter Securityvulns
Modified 2002-05-03T00:00:00

Description

http://rawt.daemon.sh

Levcgi.com's MyGuestbook JavaScript Injection Vulnerability

Discovered By BrainRawt (brainrawt@hotmail.com)

About MyGuestbook:

Highly customizable guestbook that was released on Feb. 20, 2002, and can be downloaded at http://www.levcgi.com/programs.cgi?program=myguestbook

According to the website, ...myGuestbook has been downloaded 1298 times!

Vulnerable (tested) Versions:

MyGuestbook v 1.0

Vendor Contact:

4-28-02 - Emailed lev@taintedthoughts.com

4-30-02 - No reply from the author, and I have decided not to wait since I never got a reply about another concern I had several months ago involving one of his CGI scripts.

Vulnerability:

MyGuestbook improperly filters input to the guestbook, making the guestbook prone to cross-site scripting attacks by malicious visitors to the site. This could be a medium to high concern when combined with a website that uses cookies.

Exploit (POC):

Sign up and post using the "name" <script>alert('evil+java+script+here')</script>

or

When posting comments, just insert the <script>alert('evil+java+script+here')</script> into the comments field.
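
The fix for this class of bug is to HTML-encode the "name" and "comments" fields when the guestbook page is generated. The following is an added example, not MyGuestbook's own code: the entry markup, function names and sample entries are assumptions made for illustration, and the tag check at the end is one way to regression-test the encoding.

```python
import html
from html.parser import HTMLParser

# Constructed sample entries; the second reuses the payload shown in the PoC above.
PAYLOAD = "<script>alert('evil+java+script+here')</script>"
SAMPLE_ENTRIES = [
    {"name": "Alice", "comments": "Nice site & great photos"},
    {"name": PAYLOAD, "comments": PAYLOAD},
]

# Hypothetical entry markup; the real guestbook template is not shown on this page.
TEMPLATE = '<div class="entry"><b>%s</b><p>%s</p></div>'


def render_entry_unsafe(entry):
    """Vulnerable pattern: visitor input is written into the page verbatim."""
    return TEMPLATE % (entry["name"], entry["comments"])


def render_entry_safe(entry):
    """Hardened pattern: encode every visitor-supplied field at output time."""
    name = html.escape(entry["name"], quote=True)
    comments = html.escape(entry["comments"], quote=True)
    return TEMPLATE % (name, comments)


class TagCollector(HTMLParser):
    """Records each element an HTML parser would open in a fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(fragment):
    """Return the start tags found in a rendered fragment, in document order."""
    collector = TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print("unsafe:", tags_in(render_entry_unsafe(entry)))
        print("safe:  ", tags_in(render_entry_safe(entry)))
```

With the encoded output, the only elements the parser sees are the ones the template itself emits, and the submitted text is displayed as literal characters.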


Knowledge is Power! How Powerful are you? - BrainRawt

