BugTraq
ISC guestbook script injection vulnerability. Apr 09 2003 03:03PM
drG4njubas (drG4nj mail ru)
This advisory can be found at www.blacktigerz.org

Date:
08.04.2003

Subject:
ISC guestbook script injection vulnerability.

Description:
Free, easy-to-use ASP-powered guestbook.
Main features are: web-based administration,
bad word filtering.

Vendor:
http://www.isc-online.at

Download:
http://www.isc-online.at/downloads/gb.zip

Vulnerability:
gb_eintragen.asp does not filter user input, allowing
script injection into the guestbook via the "Ihr Name",
"Ihre EMail" and "Ihre Homepage" fields. The injected
script will be executed in the browser of anyone who
visits the guestbook.

Black Tigerz Research Group
We are: Areus, Barracuda, n1Tr0f4n, Velzevol, drG4njubas.
Please visit our website: http://www.blacktigerz.org
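
Added example, not part of the original advisory and not the vendor's code: one way to render the three affected fields safely in classic ASP, encoding at output time and allowing links only for values that match a strict pattern. The function names, length limits, patterns and the sample call are assumptions; the guestbook's own source is not shown in the advisory.

```vbscript
<%
' Hypothetical hardening sketch for the page that displays guestbook entries.
' All names here (SafeText, SafeLink, RenderEntry) are illustrative.

Const EMAIL_RE = "^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}$"
Const URL_RE   = "^https?://[A-Z0-9.-]+(:[0-9]+)?(/[^\s""'<>]*)?$"

Function SafeText(raw)
    ' Coerce to string, cap the length, then HTML-encode so markup
    ' characters in the value are displayed as text instead of parsed.
    SafeText = Server.HTMLEncode(Left(Trim(raw & ""), 100))
End Function

Function SafeLink(raw, allowedPattern, prefix)
    ' Emit a link only when the whole value matches the allowlist pattern.
    ' Anything else (other URL schemes, embedded tags) is shown as text.
    Dim re, v
    v = Left(Trim(raw & ""), 200)
    Set re = New RegExp
    re.Pattern = allowedPattern
    re.IgnoreCase = True
    If re.Test(v) Then
        ' The attribute is double-quoted and its value is encoded as well.
        SafeLink = "<a href=""" & Server.HTMLEncode(prefix & v) & """>" & _
                   Server.HTMLEncode(v) & "</a>"
    Else
        SafeLink = Server.HTMLEncode(v)
    End If
End Function

Sub RenderEntry(name, email, homepage)
    ' "Ihr Name" is plain text; "Ihre EMail" and "Ihre Homepage" may become links.
    Response.Write "<p>" & SafeText(name) & "</p>"
    Response.Write "<p>" & SafeLink(email, EMAIL_RE, "mailto:") & "</p>"
    Response.Write "<p>" & SafeLink(homepage, URL_RE, "") & "</p>"
End Sub

' Constructed sample entry: the markup in the name is shown literally and
' the homepage value fails the http/https allowlist, so no link is emitted.
RenderEntry "<b>Guest</b>", "guest@example.com", "javascript:void(0)"
%>
```

Encoding when the entry is written to the page, rather than only when it is submitted, also covers entries that are already stored.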
