G-Book Lack of Input Validation in Message Contents Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1015830
SecurityTracker URL: http://securitytracker.com/id?1015830
CVE Reference: GENERIC-MAP-NOMATCH
Date: Mar 27 2006
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): 1.0
Description: A vulnerability was reported in G-Book. A remote user can conduct cross-site scripting attacks.

The software does not properly filter HTML code from user-supplied input in messages before displaying the input. A remote user can submit a specially crafted message that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the G-Book software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. Because guestbook messages are stored and redisplayed to later visitors, the injected script runs for every user who views the page, including an administrator reviewing posts for approval; the original advisory notes that a stolen cookie can yield admin access to the guestbook.

The original advisory also reports that a user can post an unlimited number of messages, permitting message flooding.

matrix_killer of h4cky0u Security Forums discovered this vulnerability.

The original advisory is available at:
http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the G-Book software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution: No solution was available at the time of this entry.
The vendor is working on a fix.
Vendor URL: www.6al.net/six/gbook.php
Cause: Input validation error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Reported By: h4cky0u <h4cky0u.org@gmail.com>
Message History:
None.
Source Message Contents
Date: Mon, 27 Mar 2006 14:00:40 +0530
From: h4cky0u <h4cky0u.org@gmail.com>
Subject: [Full-disclosure] HYSA-2006-006 G-Book 1.0 XSS And Other
------------------------------------------------------
HYSA-2006-006 h4cky0u.org Advisory 015
------------------------------------------------------
Date - Mon March 27 2006

TITLE:
======
G-Book 1.0 XSS, Possible authentication bypass & mass message flood

SEVERITY:
=========
High

SOFTWARE:
=========
G-Book 1.0
Support Website - http://www.6al.net/six/

INFO:
=====
G-book is extremely simple to customize and publish. There is no need for a MySQL Database. The script incorporates features such as administration panel, MESSAGE APPROVAL, smilies, divided posts by pages etc. Its graphics can be altered effortlessly through the CSS file. In addition, G-book supports multiple languages.

DESCRIPTION:
============
G-Book 1.0 is vulnerable to an XSS attack and you can also get admin access to the guestbook if the user hasn't deleted his cookie.

--==XSS==--
In the message board post a message with something like this:
<script>alert();</script>

Another bug in G-Book is that a user can post as many messages as he wants to.

FIX:
====
htmlspecialchars + a logout button which will destroy the cookies and post control.

VENDOR RESPONSE:
================
Bug will be fixed in the next version.

CREDITS:
========
- This vulnerability was discovered and researched by matrix_killer of h4cky0u Security Forums -
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
- Co-Researcher -
h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at gmail.com
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr, EcLiPsE and all who support us !!!

ORIGINAL ADVISORY:
==================
http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt
--
http://www.h4cky0u.org
(In)Security at its best...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
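The rendering flaw described in the SecurityTracker Description above and the three-part fix named in the advisory's FIX section (htmlspecialchars, a logout button that destroys the cookie, and post control), shown together as an added example. This is illustration code written for this page, not G-Book's own source: the function names, the cookie name gbook_admin, the token file, the client-address keyed throttle table and the sample posts are all assumptions. It needs PHP 7.3 or later for the options-array form of setcookie().

```php
<?php
// Added example for this page, not code from G-Book. Function names, cookie
// name, token file and sample posts are assumptions. Requires PHP >= 7.3.
declare(strict_types=1);

// Constructed sample guestbook posts: a benign one, the payload quoted in
// the advisory, and an attribute-breakout variant (why ENT_QUOTES matters).
const SAMPLE_POSTS = [
    ['name' => 'alice',         'msg' => 'Nice guestbook!'],
    ['name' => 'matrix_killer', 'msg' => '<script>alert();</script>'],
    ['name' => 'x" onmouseover="alert(1)', 'msg' => 'attribute breakout'],
];

// Vulnerable rendering, as the advisory describes it: user-supplied name and
// message are concatenated straight into the HTML, so the <script> tag is
// stored with the post and executes in the site's origin for every viewer.
function renderVulnerable(array $posts): string
{
    $out = '';
    foreach ($posts as $p) {
        $out .= '<div class="post" data-author="' . $p['name'] . '">'
              . $p['msg'] . "</div>\n";
    }
    return $out;
}

// The fix the advisory names: htmlspecialchars() on every untrusted value.
// ENT_QUOTES escapes both quote characters (needed inside attributes);
// ENT_SUBSTITUTE keeps invalid UTF-8 from turning the output into ''.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderHardened(array $posts): string
{
    $out = '';
    foreach ($posts as $p) {
        $out .= '<div class="post" data-author="' . esc($p['name']) . '">'
              . esc($p['msg']) . "</div>\n";
    }
    return $out;
}

// Admin cookie with HttpOnly so script injected through the XSS cannot read
// it via document.cookie, Secure so it only travels over HTTPS, and a short
// lifetime so a copy that leaks anyway expires quickly.
function setAdminCookie(string $token): void
{
    setcookie('gbook_admin', $token, [
        'expires'  => time() + 3600,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
}

// The logout button the advisory asks for: expire the cookie in the browser
// and discard the server-side copy of the token (a flat file here, since
// G-Book uses no database).
function logout(string $tokenFile): void
{
    setcookie('gbook_admin', '', ['expires' => time() - 3600, 'path' => '/']);
    if (is_file($tokenFile)) {
        unlink($tokenFile);
    }
}

// Post control against the mass-message flood: refuse a client that posted
// less than $minGap seconds ago. $lastPostTimes is keyed by client address;
// a real deployment would persist it next to the guestbook's message file.
function allowPost(array &$lastPostTimes, string $client, int $now, int $minGap = 60): bool
{
    if (isset($lastPostTimes[$client]) && ($now - $lastPostTimes[$client]) < $minGap) {
        return false;
    }
    $lastPostTimes[$client] = $now;
    return true;
}

if (PHP_SAPI === 'cli') {
    echo "--- vulnerable ---\n", renderVulnerable(SAMPLE_POSTS);
    echo "--- hardened ---\n", renderHardened(SAMPLE_POSTS);
    $seen = [];
    var_dump(allowPost($seen, '203.0.113.5', 1000));
    var_dump(allowPost($seen, '203.0.113.5', 1010));
    var_dump(allowPost($seen, '203.0.113.5', 1070));
}
```

Run it from the command line with php: the vulnerable render emits the advisory's script tag unchanged and the third post's quote closes the attribute early, while the hardened render turns both into inert text. HttpOnly only blocks reading the cookie from script; an injected script can still act on the site with the administrator's session, so output escaping remains the actual fix and the cookie flags and logout are defence in depth.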