G5 Scripts Guestbook PHP 1.2.8 – Cross-Site Scripting

• Exploit Database
• 9 阅读

• 作者： Valentin
  日期： 2010-04-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12374/

• [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
  >> General Information 
  Advisory/Exploit Title = Guestbook PHP XSS Vulnerability
  Author = Valentin Hoebel
  Contact = valentin@xenuser.org
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
  >> Product information
  Name = Guestbook PHP
  Vendor = G5 Scripts
  Vendor Website = http://www.g5-scripts.de
  Affected Version(s) = 1.2.8
  
   
  [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
  >> #1 Vulnerability
  Type = XSS
  Affected Input Boxes = "Name", "Vorname", "Land", "Message"
  
  The guestbook fails to properly sanitize the user input when a new entry is added.
  When HTML/Java Script code is added, it gets displayed/parsed when the new entry was
  successfully submitted.
  
  Furthermore the code gets executed when the admin views the entries in the control panel.
  It is even possible to temporarily disable the admin features in the backend
  since the injected code gets executed before the admin buttons get displayed.
  When the correct code was injected, the design gets destroyed and the admin buttons disappear.
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
  >> Additional Information
  Advisory/Exploit Published = 24.04.2010
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
  >> Misc
  Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
  <3 packetstormsecurity.org!
  
  
  [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]