SecurityTracker.com
Category:   Application (Generic)  >   Guestbook (Chi Kien Uong)
Vendors:   Chi Kien Uong
Chi Kien Uong Guestbook Input Validation Flaw Permits Remote Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1008006
SecurityTracker URL:  http://securitytracker.com/id/1008006
CVE Reference:   CVE-2003-1136
Updated:  May 19 2008
Original Entry Date:  Oct 27 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included:  Yes  
Version(s): 1.51
Description:   An input validation vulnerability was reported in Chi Kien Uong's Guestbook software. A remote user can conduct cross-site scripting attacks against Guestbook users.

It is reported that when HTML is enabled, the software does not filter HTML tags to prevent scripting code. A remote user can submit a specially crafted guest book message that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the vulnerable Guestbook software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The vendor has reportedly been notified.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the vulnerable Guestbook software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  proxy2.de/scripts.php
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  New Vulnerability


I would like to submit a vulnerability that I just recently discovered. I
have already contacted the vendor of the software that I discovered the bug
in, but they have not gotten back to me. There are two Code Injection/CSS
vulnerabilities that exist in Guestbook Version 1.51 by Chi Kien Uong
(www.proxy2.de). Although I have not checked, it would not come as a
surprise if prior versions are vulnerable as well.

The first vulnerability arises when HTML is enabled. When a user posts a
message with HTML in it, the tags that are used are not filtered in any way.
Thus, anyone viewing the guestbook is vulnerable to attack (redirection,
cookie stealing, etc.)

The second vulnerability is quite a bit less severe. When a user submits an
e-mail address or a URL, double quotation marks are not filtered. So, if the
first character of the e-mail or URL input is a double quotation mark, all
data after that is appended to the e-mail or URL link. If I were to submit
this:

            " onmouseover="alert(document.cookie)

as my e-mail address or homepage URL, that exact attribute would be added to
the link. Anyone viewing the guestbook could be attacked in several of the
same ways as with the first vulnerability that I described. It is less
severe, though, because they would have to click on or hover over the link
to initiate the attack.

These vulnerabilities were discovered on October 23, 2003.

I would appreciate being informed if this vulnerability gets posted. Thanks!

Joshua P. Miller
jpmiller@tds.net
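
The attribute injection described in the second part of the report can be modeled and checked as follows. This is an added example, not Guestbook's code and not from the reporter; the function names, the link text and the `example.test` host are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Value quoted in the report above, submitted as the homepage URL field.
REPORTED_INPUT = '" onmouseover="alert(document.cookie)'
# Constructed sample: the same value behind an allowed scheme (host is made up).
QUOTED_HTTP_URL = "http://example.test/" + REPORTED_INPUT


def render_link_unescaped(url: str) -> str:
    """Model of the flawed rendering: raw input placed inside a quoted attribute."""
    return '<a href="' + url + '">homepage</a>'


def render_link_escaped(url: str) -> str:
    """Hardened rendering: allow-list the scheme, then encode for an attribute."""
    url = url.strip()
    if urlsplit(url).scheme.lower() not in ("http", "https"):
        return "homepage"  # not a web link: render plain text, no anchor
    # quote=True turns " into &quot; so the value cannot close the attribute.
    return '<a href="' + html.escape(url, quote=True) + '">homepage</a>'


class _AnchorAttrs(HTMLParser):
    """Collects the attributes of every <a> start tag, as a browser would see them."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append(dict(attrs))


def anchor_attributes(markup: str) -> list:
    """Parse markup and return one attribute dict per anchor element."""
    parser = _AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.found


if __name__ == "__main__":
    for label, markup in (
        ("unescaped", render_link_unescaped(REPORTED_INPUT)),
        ("escaped, no scheme", render_link_escaped(REPORTED_INPUT)),
        ("escaped, http", render_link_escaped(QUOTED_HTTP_URL)),
    ):
        print(label, "->", markup, anchor_attributes(markup))
```

Parsing the rendered output and asserting that each anchor carries only an `href` attribute works as a regression test for the e-mail field as well as the URL field.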
