Full Disclosure mailing list archives
Re: SimpBook "message" Remote Cross-Site Scripting Vulnerability
From: Mbyte Security <mbytesecurity.org () gmail com>
Date: Fri, 6 Jan 2006 21:50:41 +0100
Listen little bastard ... why dont you post the afected piece of code??? this "technical" description is not so technical ... its sucks! (like you) And what kinda XSS allows "arbitrary execution of script code in the security contextt of an affected website" Did you ever known the meaning of "cross site scripting" and how is the relation betwn webserver and browser... I wanna attach a pic of you and another of pan-zorra -- Megabyte http://mbytesecurity.org El Dios de la Red Saludos a mi ex-zorra Pandora, que me pone cuernos Zeus,Cairo,Redpoint,x0p0x and all lame band On 1/6/06, zeus olimpusklan <zeus.olimpusklan () gmail com> wrote:
########################################################################### # Advisory #5 Title: SimpBook "message" Remote Cross-Site Scripting Vulnerability # # # Author: 0o_zeus_o0 # Contact: zeus () diosdelared com # Website: Elitemexico.org # Date: 05/01/2006 # Risk: High # Vendor Url: http://codegrrl.com/scripts/simpbook/ # Affected Software: SimpBook # Non Affected: # # We Are: olimpus klan team # #TECHNICAL INFO #================================================================ # #An input validation vulnerability in SimpBook has been reported, which can be exploited # #by remote users to conduct cross-site scripting attacks. # #User-supplied input passed to the "message" field isn't sanitised before being stored in # #the guestbook. This can be exploited to execute arbitrary script code in the security context # #of an affected website, as a result the code will be able to access any of the target user's # #cookies, access data recently submitted by the target user via web form to the site, or take # #actions on the site acting as the target user. # #Successful exploitation requires that "html_enable" is set to "on" in " config.php". # #This is set to"on" in the default installation. # #Solution: # #Set "html_enable" to "off" in " config.php" or edit the source code to ensure that input is properly sanitised. # # #VULNERABLE VERSIONS #================================================================ #SimpBook version 1.0. Other versions may also be affected. # # #================================================================ #Contact information #0o_zeus_o0 #zeus () diosdelared com #www.olimpusklan.org #================================================================ #greetz: lady fire, fraude, xoxo, El_Mesias ############################################################################## _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SimpBook "message" Remote Cross-Site Scripting Vulnerability zeus olimpusklan (Jan 06)
- Re: SimpBook "message" Remote Cross-Site Scripting Vulnerability Mbyte Security (Jan 06)