[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)


The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)
------------------------------------------------------------------------

SUMMARY

MPM Guestbook, "a simple guestbook with multi-language support", allows a remote attacker to inject arbitrary HTML and/or JavaScript into the web page and to cause the product to disclose the directory under which it was installed.

DETAILS

Vulnerable systems:
 * MPM Guestbook version 1.2

The vulnerabilities are caused by missing validation of input supplied to the "lng" parameter. Whenever an invalid "lng" value is provided, an error page is returned that echoes the parameter unfiltered. This can be exploited to make the page include arbitrary HTML and/or JavaScript, which is then executed in the user's browser session. The same error page also reveals the path under which the program has been installed.

Example:
http://[victim]/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E

ADDITIONAL INFORMATION

The information has been provided by David S. Ferreira <mailto:iamroot@systemsecure.org>.

========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
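As an added illustration of the flaw class this advisory describes (example code written for this page, not MPM Guestbook's own source, which is not shown here), the following Python snippet contrasts an error handler that reflects the "lng" value and the install path unfiltered with a hardened handler that allowlists the parameter, HTML-encodes anything it echoes and keeps filesystem paths out of the response. It also includes a small check a tester can run against a captured response to confirm whether a parameter comes back unencoded. The language list, install directory, host name and all function names are constructed assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed: languages the hypothetical guestbook ships with.
SUPPORTED_LANGUAGES = {"en", "de", "fr", "pt"}

# Constructed: stand-in for the install directory an unpatched error page leaks.
INSTALL_DIR = "/var/www/html/guestbook"

# The advisory's example request, with a constructed host in place of [victim].
ADVISORY_URL = ("http://guestbook.example/guestbook/?number=5"
                "&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E")


def _lng_param(url: str) -> str:
    """Extract the (URL-decoded) 'lng' query value, defaulting to 'en'."""
    params = parse_qs(urlsplit(url).query)
    return params.get("lng", ["en"])[0]


def vulnerable_error_page(url: str) -> str:
    """Mimics the flaw in the advisory: an unknown language makes the error page
    echo the raw parameter and the install path back to the client."""
    lng = _lng_param(url)
    if lng in SUPPORTED_LANGUAGES:
        return f"<html><body>Guestbook ({lng})</body></html>"
    # Unfiltered reflection: attacker-controlled markup and the server path both go out.
    return (f"<html><body>Error: language file {INSTALL_DIR}/lang/{lng}.php "
            f"not found</body></html>")


def hardened_error_page(url: str) -> str:
    """Allowlist the value, HTML-encode what is echoed, and never reveal a path."""
    lng = _lng_param(url)
    if re.fullmatch(r"[a-z]{2}", lng) and lng in SUPPORTED_LANGUAGES:
        return f"<html><body>Guestbook ({lng})</body></html>"
    # html.escape turns < > & " ' into entities, so the value can no longer
    # break out of the text node; the filesystem location stays server-side.
    safe = html.escape(lng, quote=True)
    return f"<html><body>Error: unsupported language '{safe}'</body></html>"


def reflects_unescaped(url: str, body: str) -> bool:
    """Defender's check: does any query value containing markup characters
    appear verbatim (unencoded) in the response body?"""
    params = parse_qs(urlsplit(url).query)
    for values in params.values():
        for value in values:
            if any(ch in value for ch in "<>\"'") and value in body:
                return True
    return False


if __name__ == "__main__":
    for handler in (vulnerable_error_page, hardened_error_page):
        body = handler(ADVISORY_URL)
        print(handler.__name__, "reflects unescaped:", reflects_unescaped(ADVISORY_URL, body),
              "| leaks path:", INSTALL_DIR in body)
```

The check in `reflects_unescaped` is deliberately conservative: it only flags values that contain markup-significant characters and come back byte-for-byte, which is exactly the condition under which the advisory's `lng` payload runs in the browser. An encoded echo (`&lt;script&gt;`) is not flagged, and a generic error message that does not echo the value at all is the strongest fix.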