Search...

ftls.org Guestbook 1.1 Script Injection

2003-01-25T00:00:00

ID SECURITYVULNS:DOC:4024
Type securityvulns
Reporter Securityvulns
Modified 2003-01-25T00:00:00

Description

ftls.org Guestbook 1.1 Script Injection Vulnerabilities Discovered By BrainRawt (brainrawt@hotmail.com)

About MyGuestbook:

Your basic guestbook that can be downloaded at http://www.ftls.org/en/examples/cgi/Guestbook.shtml#s1.

Vulnerable (tested) Versions:

guestbook v 1.1

Vendor Contact:

9-27-02 - Emailed webmaster@ftls.org 12-15-02 - Emailed tyndiuk@ftls.org

Vulnerability:

guestbook.cgi inproperly filters user input making the guestbook vulnerable to script injection.

Exploit (POC):

When filling in ones name use: <script>alert('your_name_field_vuln_to_injection')</script>

When filling in the Title use: <script>alert('title_field_vuln_to_injection')</script>

When filling in the Comment use: <script>alert('comments_field_vuln')</script>

Which looks better? Blackhat or White? You Decide! - BrainRawt

Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:4024", "bulletinFamily": "software", "title": "ftls.org Guestbook 1.1 Script Injection", "description": "\r\nftls.org Guestbook 1.1 Script Injection Vulnerabilities\r\nDiscovered By BrainRawt (brainrawt@hotmail.com)\r\n\r\nAbout MyGuestbook:\r\n------------------\r\nYour basic guestbook that can be downloaded at\r\nhttp://www.ftls.org/en/examples/cgi/Guestbook.shtml#s1.\r\n\r\nVulnerable (tested) Versions:\r\n--------------------\r\nguestbook v 1.1\r\n\r\nVendor Contact:\r\n----------------\r\n 9-27-02 - Emailed webmaster@ftls.org\r\n12-15-02 - Emailed tyndiuk@ftls.org\r\n\r\nVulnerability:\r\n----------------\r\nguestbook.cgi inproperly filters user input making the guestbook\r\nvulnerable to script injection.\r\n\r\nExploit (POC):\r\n----------------\r\nWhen filling in ones name use:\r\n<script>alert('your_name_field_vuln_to_injection')</script>\r\n\r\nWhen filling in the Title use:\r\n<script>alert('title_field_vuln_to_injection')</script>\r\n\r\nWhen filling in the Comment use:\r\n<script>alert('comments_field_vuln')</script>\r\n\r\n---------------------------------------------------------------------\r\nWhich looks better? Blackhat or White? You Decide! - BrainRawt\r\n\r\n\r\n\r\n\r\n_________________________________________________________________\r\nProtect your PC - get McAfee.com VirusScan Online \r\nhttp://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963\r\n", "published": "2003-01-25T00:00:00", "modified": "2003-01-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4024", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:07", "edition": 1, "viewCount": 5, "enchantments": {"score": {"value": 1.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:2544"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:2544"]}, {"type": "vulnerlab", "idList": ["VULNERABLE:40"]}]}, "exploitation": null, "vulnersScore": 1.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645511409}}