SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Sign Here! Guest Book Vendors:   BitStrike Software
Sign Here! Guest Book Input Validation Flaw Allows Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1006490
SecurityTracker URL:  http://securitytracker.com/id/1006490
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 5 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information


Description:   An input validation vulnerability was reported in the "Sign Here!" Guest Book. A remote user can conduct cross-site scripting attacks against guest book users.

Black Tigerz Research Group reported that the 'default.asp' script does not filter HTML code from user-supplied input in the 'Email' field. A remote user can insert a specially crafted e-mail name so that when a target user views the guest book entry, arbitrary scripting code will be executed by the target user's browser. The code will originate from the site running the "Sign Here!" Guest Book and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

[Editor's note: As of the time of this entry, the 'signhere.zip' and 'signhere-1.zip' distribution files on the vendor's web site do not contain a 'default.asp' script. The distribution files contain a sample 'gb.asp' script that you can customize. The code that fails to perform the filtering is in 'gb_func.asp'. It appears that the vulnerable function is gb_addRecord(). It is interesting to note that the gb_editRecord() function does apply filtering to the input, but gb_addRecord() does not.]

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the "Sign Here!" Guest Book software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.bitstrike.com/guestbook/index.php (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  SignHere guestbook vulnerability.


This advisory nd other useful files 
can be found at www.blacktigerz.org

Subject:
SignHere guestbook vulnerability.

Description:
Free, easy-to-use guestbook. Main features are: message text 
formatting (bold text, urls etc.); inserting smiles as icons; 
web-based administration; email notifications about new posts. 
Also html output is optimized to maximize download speed. 

Vendor:
Bitstrike software.
http://www.bitstrike.com

Vulnerability:
Default.asp neglects filtering user input allowing 
for script injection to the guestbook via "Email" 
field. The injected script will be executed in 
anyones browser who visits the guestbook.

____________________________
Best Regards,   drG4njubas
Black Tigerz Research Group
http://www.blacktigerz.org

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC