Subject:
FipsGuestbook Version 1.12.7 script injection.
Description:
Written entirely in ASP and VBScript, easy to install
ASP guestbook manager with web based administration panel.
Vendor:
FipsASP
http://www.fips.at.tf
Vulnerability:
new_entry.asp neglects filtering user input allowing
for script injection to the guestbook via "Name" field.
The injected script will be executed in anyones browser
who visits the guestbook.
Black Tigerz Research Group
We are:Areus,Barracuda,n1Tr0f4n,Velzevol,n3ch,drG4njubas.
Please visit our website: http://www.blacktigerz.org
14.04.2003
Subject:
FipsGuestbook Version 1.12.7 script injection.
Description:
Written entirely in ASP and VBScript, easy to install
ASP guestbook manager with web based administration panel.
Vendor:
FipsASP
http://www.fips.at.tf
Vulnerability:
new_entry.asp neglects filtering user input allowing
for script injection to the guestbook via "Name" field.
The injected script will be executed in anyones browser
who visits the guestbook.
Black Tigerz Research Group
We are:Areus,Barracuda,n1Tr0f4n,Velzevol,n3ch,drG4njubas.
Please visit our website: http://www.blacktigerz.org
[ reply ]