Message-ID: <20050217161802.531.qmail@www.securityfocus.com>
Date: 17 Feb 2005 16:18:02 -0000
From: Christoph Burchert <chburchert@....de>
To: bugtraq@...urityfocus.com
Subject: hpm_guestbook.cgi JavaScript-Injection




Hey dudes :)

Content:
     a) Problem
     b) Affected versions
     c) Exploiting
-------------------------------------------------------

A)
The HTML function is usually activated in hpm_guestbook.cgi, so you can inject any HTML code, including JavaScript.

B)
I don't know, sorry. In my version on a freespace hoster I couldn't see the version.

C)
You can post the following Proof of Concept code to understand the problem:

<script language="JavaScript">alert("This guestbook is insecure: " + document.location.href);</script>

If you're logged in as the admin of the guestbook and you want to see the posts, you'll see that the password of your account is in the URL of hpm_login.cgi, and the code shows you the URL. If you like, you can write code which sends the URL to a PHP script. Then you can get the password of the admin.
You have to keep your code in one line!

Cu
Chris
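
Added example, not part of the original post and not hpm_guestbook's own code: a Python sketch of the two mitigations the report implies, encoding visitor input on output and checking that a login URL carries no credential in its query string. The function names, the parameter-name list and the sample URL are assumptions; the post does not say which parameter hpm_login.cgi uses.

```python
import html
from urllib.parse import urlsplit, parse_qsl

# Constructed sample entry: the proof-of-concept string from the post.
POC_ENTRY = ('<script language="JavaScript">alert("This guestbook is insecure: "'
             ' + document.location.href);</script>')

# Hypothetical parameter names; the post does not say what hpm_login.cgi uses.
SECRET_PARAMS = {"password", "passwd", "pass", "pw", "pwd"}


def render_entry_unsafe(name, message):
    """Behaviour described in the post: visitor input is emitted as HTML."""
    return "<p><b>%s</b>: %s</p>" % (name, message)


def render_entry_safe(name, message):
    """Encode visitor input so the browser displays it as text."""
    return "<p><b>%s</b>: %s</p>" % (
        html.escape(name, quote=True), html.escape(message, quote=True))


def secrets_in_url(url):
    """Return the names of query parameters that look like credentials."""
    query = urlsplit(url).query
    return sorted({key for key, _ in parse_qsl(query, keep_blank_values=True)
                   if key.lower() in SECRET_PARAMS})


if __name__ == "__main__":
    print(render_entry_unsafe("visitor", POC_ENTRY))
    print(render_entry_safe("visitor", POC_ENTRY))
    # Constructed URL; host and parameter names are placeholders.
    print(secrets_in_url(
        "http://guestbook.example/cgi-bin/hpm_login.cgi?user=admin&password=REDACTED"))
```

With the entry encoded, the admin's browser shows the markup as text instead of running it, and a login flow that passes the `secrets_in_url` check has no password in `document.location.href` for an injected script to read.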

