Bugtraq mailing list archives
hpm_guestbook.cgi JavaScript-Injection
From: Christoph Burchert <chburchert () web de>
Date: 17 Feb 2005 16:18:02 -0000
Hey dudes :) Content: a) Problem b) Affected versions c) Exploiting ------------------------------------------------------- A) The HTML-function is usually activated in hpm_guestbook.cgi, so you can inject every HTML-code inclusive JavaScript. B) I don't know, sorry. In my version on a freespace hoster I couldn't see the version. C) You can post the following Proof of Concept code to understand the problem: <script language="JavaScript">alert("This guestbook is insecure: " + document.location.href);</script> If you're logged in as the admin of the guestbook and you want to see the posts you'll see that the password of your account is in the URL of hpm_login.cgi and the code shows you the URL. If you like you can make a code which sends the URL to a PHP-Script. Then you can get the password of the admin. You have to keep your code in one line! Cu Chris
Current thread:
- hpm_guestbook.cgi JavaScript-Injection Christoph Burchert (Feb 17)