SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   PY-Livredor Vendors:   Legendre, Pierre-Yves
PY-Livredor Guest Book Input Validation Holes in Certain Fields Let Remote Users Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1006190
SecurityTracker URL:  http://securitytracker.com/id/1006190
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 2 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  
Version(s): 1.0
Description:   An input validation vulnerability was reported in the PY-Livredor guest book software. A remote user can conduct cross-site scripting attacks.

Security Corporation reported that the page for posting messages (index.php) permits a remote user to inject HTML code into the "titre", "Votre pseudo", "Votre e-mail", and "Votre message" fields. A remote user can insert some specially crafted values so that when a target user views the guest book, arbitrary scripting code will be executed by the target user's browser. The code will originate from the site running the PY-Livredor and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The vendor has reportedly been notified.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running PY-Livredor, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.py-scripts.com/download.php?pyid=1 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor


________________________________________________________________________

Security Corporation Security Advisory [SCSA-008]
________________________________________________________________________

PROGRAM: PY-Livredor
HOMEPAGE: http://www.py-scripts.com
                       http://www.scripts-php.com
VULNERABLE VERSIONS: v1.0
________________________________________________________________________

DESCRIPTION
________________________________________________________________________

PY-Livredor is an easy guestbook script using Php4 and MySql with
an administration which allow messages deletion.


DETAILS
________________________________________________________________________

A Cross-Site Scripting vulnerability have been found in PY-Livredor
which allow attackers to inject script codes into the guestbook and use
them on clients browser as if they were provided by the website.

This Cross-Site Scripting vulnerability are found in the page for
posting messages (index.php)

An attacker can input specially crafted links and/or other
malicious scripts.


EXPLOIT
________________________________________________________________________

A vulnerability was discovered in the page for posting messages,
at this adress :

http://[target]/livredor/index.php


The vulnerability is at the level of the interpretation of the "titre",
"Votre pseudo", "Votre e-mail", "Votre message" fields.

Indeed, the insertion of a hostile code script in this field makes it
possible to a malicious user to carry out this script on the navigator
of the visitors.


The hostile code could be :

[script]alert("Cookie="+document.cookie)[/script]

(open a window with the cookie of the visitor.)

(replace [] by <>)


SOLUTIONS
________________________________________________________________________

No solution for the moment.


VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified.


LINKS
________________________________________________________________________

http://www.security-corp.org/index.php?ink=4-15-1


http://www.security-corp.org/advisories/SCSA-008-FR.txt


------------------------------------------------------------
------------------------------------------------------------



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC