lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <68cbfab10603270030p65795457k7fcb1440f069fb0e@mail.gmail.com>
Date: Mon Mar 27 09:30:52 2006
From: h4cky0u.org at gmail.com (h4cky0u)
Subject: HYSA-2006-006 G-Book 1.0 XSS And Other
	Vulnerabilities

------------------------------------------------------
      HYSA-2006-006 h4cky0u.org Advisory 015
------------------------------------------------------
Date - Mon March 27 2006


TITLE:
======

G-Book 1.0 XSS, Possible authentication bypass & mass message flood


SEVERITY:
=========

High


SOFTWARE:
=========

G-Book 1.0

Support Website - http://www.6al.net/six/


INFO:
=====

G-book is extremely simple to customize and publish. There is no need for a
MySQL Database. The script incorporates features

such as administration panel, MESSAGE APPROVAL, smilies, divided posts by
pages etc. Its graphics can be altered effortlessly

through the CSS file. In addition, G-book supports multiple languages.


DESCRIPTION:
============

G-Book 1.0 is vulnerable to a XSS attack and you can also get admin access
to the guestbook if the user hasn't deleted his

cookie.

--==XSS==--

In the message board post a message with something like this:

<script>alert();</script>

Another bug in G-Book is that a user can post as many messages as he wants
to.


FIX:
====

htmlspecialchars + a logout button which will destroy the cookies and post
cotrol.


VENDOR RESPONSE:
================

Bug will be fixed in the next version.


CREDITS:
========

- This vulnerability was discovered and researched by matrix_killer of
h4cky0u Security Forums -

mail : matrix_k at abv.bg

web : http://www.h4cky0u.org


- Co-Researcher -

h4cky0u of h4cky0u Security Forums.

mail : h4cky0u at gmail.com

web : http://www.h4cky0u.org

Greets to all omega-team members + krassswr,EcLiPsE and all who support us
!!!


ORIGINAL ADVISORY:
==================

http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt

--
http://www.h4cky0u.org
(In)Security at its best...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060327/a06efe3d/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ