SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   GuestBook (MPCSoftWeb) Vendors:   MPCSoftWeb
MPCSoftWeb GuestBook Discloses Administrator Password to Remote Users
SecurityTracker Alert ID:  1006612
SecurityTracker URL:  http://securitytracker.com/id/1006612
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 21 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included:  Yes  

Description:   Several vulnerabilities were reported in the MPCSoftWeb GuestBook software. A remote user can download the underlying database and obtain the administrator's password. A remote user can also conduct cross-site scripting attacks.

Black Tigerz Research Group reported that the 'insertguest.asp' script does not filter user-supplied input to remove HTML code from the "Name", "location", and "comment" fields. A remote user can submit a specially crafted value in any of these fields so that, when a target user views the guest book entry, arbitrary scripting code will be executed by the target user's browser. The code will originate from the site running the guest book software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

It is also reported that a remote user can download the underlying MS Access database, which includes the administrator's password. A demonstration exploit URL is provided:

http://[target]/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb

Impact:   A remote user can obtain the guest book database, which includes the administrator's password.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the guest book software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.mpcsoftweb.co.uk/pages/mpc_guestbook.asp (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  MPCSoftWeb Guest Book vulnerabilities.


Date:
20.04.2003

Subject:
MPCSoftWeb Guest Book vulnerabilities.

Description:
This Guest Book is designed to be easy to use and configure, 
it uses a Microsoft Access 2000 database to store the messages. 
It has a number of features: emoticons and text formatting, 
a profanity or unwanted word filter, which can be modified as required,
images can be used in the Guest Book, e-mail notification of Guest 
Book entries, COOKIES can be used by the Guest Book administrator. 

Vendor:
www.mpcsoftweb.co.uk

Vulnerability:
insertguest.asp neglects filtering user input allowing 
for script injection to the guestbook via "Name",
"location" and "comment" fields. The injected 
script will be executed in anyones browser who visits the 
guestbook.

An attaker may download MS Acces database to gain 
administrator's password, which is not encrypted at all.
Example:
http://www.target.com/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata
.mdb

Vulnerability discovered by Black Tigerz Research Group
We are:Areus,Barracuda,n1Tr0f4n,Velzevol,n3ch,drG4njubas.
Please visit our website: http://www.blacktigerz.org 

Our team needs more members, please drop a mail to 
membership@blacktigerz.org for more information.


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC