[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000101c30288$6e39b7b0$8c80763e@user1>
Date: Mon, 14 Apr 2003 17:19:03 +0400
From: "drG4njubas" <drG4nj@...l.ru>
To: <bugtraq@...urityfocus.com>
Subject: FipsGuestbook Version 1.12.7 script injection.
Date:
14.04.2003
Subject:
FipsGuestbook Version 1.12.7 script injection.
Description:
Written entirely in ASP and VBScript, easy to install
ASP guestbook manager with web based administration panel.
Vendor:
FipsASP
http://www.fips.at.tf
Vulnerability:
new_entry.asp neglects filtering user input allowing
for script injection to the guestbook via "Name" field.
The injected script will be executed in anyones browser
who visits the guestbook.
Black Tigerz Research Group
We are:Areus,Barracuda,n1Tr0f4n,Velzevol,n3ch,drG4njubas.
Please visit our website: http://www.blacktigerz.org
Powered by blists - more mailing lists