lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070424152829.13711.qmail@securityfocus.com>
Date: 24 Apr 2007 15:28:29 -0000
From: omnipresent@...il.it
To: bugtraq@...urityfocus.com
Subject: YA Book 0.98 Persistent XSS

  .      .        .  
._ | _.  .|_  _. _.;_/
[_)|(_]\_|[ )(_](_.| \.net
|      ._|            
"YA Book 0.98-alpha - Persistent XSS Vulnerability"
	by Omni

1) Infos
---------
Date            : 2007-04-23
Product         : YA Book
Version         : 0.98-alpha - Prior version maybe also be affected
Vendor          : http://sourceforge.net/projects/yabook - http://www.phpee.com/
Vendor Status   : 2007-04-23 -> Not Informed!
		  2007-04-24 -> Informed!

Description     :  YaBook- Ya Book! ...or yet another guestbook. YaBook is a simple but powerful guestbook running on PHP
                   5. It features easy installation and customization, multi-language support, and an administration
                   interface. Various database systems are supported.

Google Dork     : Powered by YaBook 0.98-alpha - "Powered by YaBook 0.98-alpha"


Source          : omnipresent - omni
E-mail          : omnipresent[at]email[dot]it - omni[at]playhack[dot]net
Team            : Playhack.net Security

2) Security Issues
-------------------

--- [ Remote Persistent XSS ] ---
=================================

YA Book is vulnerable to an XSS. A malicous user can put in the City Field HTML or JS code
(in sigin module: http://host/path/index.php?mode=sign) as shown below:

Eg script:

<script>alert("XSS")</script>

The vulnerability exist because the city field is not properly sanitized before being used!

--- [ PoC ] ---
===============

A guest can posts a new message and after put the right captcha :D he can puts in the city field a code like:

<script>location.href="http://host.com"</script>

for a redirect with JS or.. he can injects other (eg: HTML, JS) codes..


3) Patch
--------

Edit the source code to ensure that the input is properly sanitized before being used.









Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ