The following security advisory is sent to the securiteam mailing list, and can be found at
the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)
------------------------------------------------------------------------
SUMMARY
MPM Guestbook, "a simple guestbook with multi-language support", allows
remote attacker to inject arbitrary HTML and/or JavaScript into the web
page and to cause the product to disclose the directory under which it was
installed.
DETAILS
Vulnerable systems:
* MPM Guestbook version 1.2
The vulnerabilities are caused due to missing validation of input supplied
to the "lng" parameter. Whenever an invalid "lng" parameter is provided,
an error page is returned with the parameter (unfiltered). This can be
exploited to cause the page to include arbitrary HTML and/or JavaScript,
which will be executed in the user's browser session. The vulnerability
will allow you to reveal the path under which the program has been
installed.
Example:
http://[victim]/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
ADDITIONAL INFORMATION
The information has been provided by <mailto:iamroot@systemsecure.org>
David S. Ferreira.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect,
incidental, consequential, loss of business profits or special damages.
{"id": "SECURITYVULNS:DOC:5332", "bulletinFamily": "software", "title": "[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)", "description": "The following security advisory is sent to the securiteam mailing list, and can be found at\r\nthe SecuriTeam web site: http://www.securiteam.com\r\n- - promotion\r\n\r\nThe SecuriTeam alerts list - Free, Accurate, Independent.\r\n\r\nGet your security news from a reliable source.\r\nhttp://www.securiteam.com/mailinglist.html \r\n\r\n- - - - - - - - -\r\n\r\n\r\n\r\n MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)\r\n------------------------------------------------------------------------\r\n\r\n\r\nSUMMARY\r\n\r\nMPM Guestbook, "a simple guestbook with multi-language support", allows \r\nremote attacker to inject arbitrary HTML and/or JavaScript into the web \r\npage and to cause the product to disclose the directory under which it was \r\ninstalled.\r\n\r\nDETAILS\r\n\r\nVulnerable systems:\r\n * MPM Guestbook version 1.2\r\n\r\nThe vulnerabilities are caused due to missing validation of input supplied \r\nto the "lng" parameter. Whenever an invalid "lng" parameter is provided, \r\nan error page is returned with the parameter (unfiltered). This can be \r\nexploited to cause the page to include arbitrary HTML and/or JavaScript, \r\nwhich will be executed in the user's browser session. The vulnerability \r\nwill allow you to reveal the path under which the program has been \r\ninstalled.\r\n\r\nExample:\r\nhttp://[victim]/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E\r\n\r\n\r\nADDITIONAL INFORMATION\r\n\r\nThe information has been provided by <mailto:iamroot@systemsecure.org> \r\nDavid S. Ferreira.\r\n\r\n\r\n\r\n======================================== \r\n\r\n\r\nThis bulletin is sent to members of the SecuriTeam mailing list. \r\nTo unsubscribe from the list, send mail with an empty subject line and body to:\r\nlist-unsubscribe@securiteam.com \r\nIn order to subscribe to the mailing list, simply forward this email to:\r\nlist-subscribe@securiteam.com \r\n\r\n\r\n==================== \r\n==================== \r\n\r\nDISCLAIMER: \r\nThe information in this bulletin is provided "AS IS" without warranty of any kind. \r\nIn no event shall we be liable for any damages whatsoever including direct, indirect,\r\nincidental, consequential, loss of business profits or special damages. \r\n\r\n\r\n\r\n", "published": "2003-11-03T00:00:00", "modified": "2003-11-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5332", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:08", "edition": 1, "viewCount": 5, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:3222"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:3222"]}]}, "exploitation": null, "vulnersScore": 0.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645260889, "score": 1659803227}, "_internal": {"score_hash": "cb6943712961cbef5f131534bcbac279"}}