[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)

2003-11-03T00:00:00

Description

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source. http://www.securiteam.com/mailinglist.html - - - - - - - - - MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure) ------------------------------------------------------------------------ SUMMARY MPM Guestbook, "a simple guestbook with multi-language support", allows remote attacker to inject arbitrary HTML and/or JavaScript into the web page and to cause the product to disclose the directory under which it was installed. DETAILS Vulnerable systems: * MPM Guestbook version 1.2 The vulnerabilities are caused due to missing validation of input supplied to the "lng" parameter. Whenever an invalid "lng" parameter is provided, an error page is returned with the parameter (unfiltered). This can be exploited to cause the page to include arbitrary HTML and/or JavaScript, which will be executed in the user's browser session. The vulnerability will allow you to reveal the path under which the program has been installed. Example: http://[victim]/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E ADDITIONAL INFORMATION The information has been provided by <mailto:iamroot@systemsecure.org> David S. Ferreira. ======================================== This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com ==================== ==================== DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

{"id": "SECURITYVULNS:DOC:5332", "bulletinFamily": "software", "title": "[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)", "description": "The following security advisory is sent to the securiteam mailing list, and can be found at\r\nthe SecuriTeam web site: http://www.securiteam.com\r\n- - promotion\r\n\r\nThe SecuriTeam alerts list - Free, Accurate, Independent.\r\n\r\nGet your security news from a reliable source.\r\nhttp://www.securiteam.com/mailinglist.html \r\n\r\n- - - - - - - - -\r\n\r\n\r\n\r\n MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)\r\n------------------------------------------------------------------------\r\n\r\n\r\nSUMMARY\r\n\r\nMPM Guestbook, "a simple guestbook with multi-language support", allows \r\nremote attacker to inject arbitrary HTML and/or JavaScript into the web \r\npage and to cause the product to disclose the directory under which it was \r\ninstalled.\r\n\r\nDETAILS\r\n\r\nVulnerable systems:\r\n * MPM Guestbook version 1.2\r\n\r\nThe vulnerabilities are caused due to missing validation of input supplied \r\nto the "lng" parameter. Whenever an invalid "lng" parameter is provided, \r\nan error page is returned with the parameter (unfiltered). This can be \r\nexploited to cause the page to include arbitrary HTML and/or JavaScript, \r\nwhich will be executed in the user's browser session. The vulnerability \r\nwill allow you to reveal the path under which the program has been \r\ninstalled.\r\n\r\nExample:\r\nhttp://[victim]/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E\r\n\r\n\r\nADDITIONAL INFORMATION\r\n\r\nThe information has been provided by <mailto:iamroot@systemsecure.org> \r\nDavid S. Ferreira.\r\n\r\n\r\n\r\n======================================== \r\n\r\n\r\nThis bulletin is sent to members of the SecuriTeam mailing list. \r\nTo unsubscribe from the list, send mail with an empty subject line and body to:\r\nlist-unsubscribe@securiteam.com \r\nIn order to subscribe to the mailing list, simply forward this email to:\r\nlist-subscribe@securiteam.com \r\n\r\n\r\n==================== \r\n==================== \r\n\r\nDISCLAIMER: \r\nThe information in this bulletin is provided "AS IS" without warranty of any kind. \r\nIn no event shall we be liable for any damages whatsoever including direct, indirect,\r\nincidental, consequential, loss of business profits or special damages. \r\n\r\n\r\n\r\n", "published": "2003-11-03T00:00:00", "modified": "2003-11-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5332", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:08", "edition": 1, "viewCount": 5, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:3222"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:3222"]}]}, "exploitation": null, "vulnersScore": 0.2}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645260889, "score": 1659803227}, "_internal": {"score_hash": "cb6943712961cbef5f131534bcbac279"}}

[UNIX] MPM Guestbook Multiple Vulnerabilities &#40;CSS, Path Disclosure&#41;

Description

[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)