
GaesteChaos <= 0.2 Multiple Vulnerabilities






-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
      Advisory: GaesteChaos <= 0.2 Multiple Vulnerabilities
  Release Date: 2006/08/04
 Last Modified: 2006/08/03
        Author: Tamriel [tamriel at gmx dot net]
   Application: GaesteChaos <= 0.2
          Risk: Moderate
 Vendor Status: not contacted
   Vendor Site: www.chaossoft.de


 Overview:

Quote from www.chaossoft.de: 

   "GaesteChaos is a guestbook for your homepage. It is
    small and compact, written in PHP, and uses mySQL
    to store the data."


 Details:

   1) eintragen.php contains several possible cross-site scripting
      vulnerabilities.

      They can be used to insert malicious code that is then executed
      on the client's machine.

      The input fields "gastname" and "gastwohnort" are not checked
      by this script.

      
   2) SQL Injection Vulnerabilities in eintragen.php
      (around lines 35-45)
      
      ...
      
      mysql_db_query($database, "INSERT INTO $tabellekommentar SET
      eintragid = '$komwelches', name = '$gastname',email = '$gastemail',
      wohnort = '$gastwohnort', datum ='$timestamp', ip = '$tempip',
      host = '$hosti', homepage = '$gasthomepage', eintrag '$gasteintrag',
      geschlecht = '$geschlechti'");

      ...

 Solution:

      Take a look at PHP's htmlentities() and
      mysql_real_escape_string() functions.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
 
iD8DBQFE0oOAqBhP+Twks7oRAgmaAJ9QB4jc4+tOujEx9dn0dbx0Ozbd9wCfav44
hL3gWUSOnSxPhKi75BB8aKs=X8Vo
-----END PGP SIGNATURE-----
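The following is an added example, not code from the advisory or from GaesteChaos. It takes the INSERT quoted in section 2 and shows it hardened in the way the Solution section points at (mysql_real_escape_string() for the query, htmlentities() for the stored values when they are rendered, which is where the section 1 XSS would otherwise fire) and, going beyond the advisory, with a PDO prepared statement, which is what current PHP offers. Variable names ($gastname, $gastwohnort, $tabellekommentar, $komwelches and so on) follow the advisory; the connection handles, the whitelisted table name and the column list are assumptions.

```php
<?php
// Added example, not GaesteChaos code. Variable names follow the advisory;
// $link, $pdo, the allowed table name and the column list are assumptions.

// 1) The fix the advisory names: escape every interpolated value with
//    mysql_real_escape_string(). The function needs the open connection,
//    because escaping depends on the connection character set. The mysql_*
//    extension was removed in PHP 7; this variant is kept only because it is
//    the one the advisory recommends.
function buildInsertEscaped($link, $tabellekommentar, array $f)
{
    $e = function ($v) use ($link) { return mysql_real_escape_string($v, $link); };
    return "INSERT INTO `$tabellekommentar` SET "
         . "eintragid = '" . $e($f['komwelches']) . "', "
         . "name = '" . $e($f['gastname']) . "', "
         . "email = '" . $e($f['gastemail']) . "', "
         . "wohnort = '" . $e($f['gastwohnort']) . "', "
         . "homepage = '" . $e($f['gasthomepage']) . "', "
         . "eintrag = '" . $e($f['gasteintrag']) . "'";
}

// 2) Current fix: a prepared statement. Values never become part of the SQL
//    text, so no escaping is needed. Identifiers (the table name) cannot be
//    bound as parameters, so the configured table name is checked against a
//    fixed whitelist instead of being spliced in unchecked.
function insertCommentPrepared(PDO $pdo, $tabellekommentar, array $f,
                               $timestamp, $tempip, $hosti)
{
    $allowedTables = array('kommentare'); // assumption: the configured table name
    if (!in_array($tabellekommentar, $allowedTables, true)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    $stmt = $pdo->prepare(
        "INSERT INTO `$tabellekommentar` "
      . "(eintragid, name, email, wohnort, datum, ip, host, homepage, eintrag, geschlecht) "
      . "VALUES (:eintragid, :name, :email, :wohnort, :datum, :ip, :host, "
      . ":homepage, :eintrag, :geschlecht)"
    );
    return $stmt->execute(array(
        ':eintragid'  => (int) $f['komwelches'],   // assumption: numeric entry id
        ':name'       => $f['gastname'],
        ':email'      => $f['gastemail'],
        ':wohnort'    => $f['gastwohnort'],
        ':datum'      => $timestamp,
        ':ip'         => $tempip,
        ':host'       => $hosti,
        ':homepage'   => $f['gasthomepage'],
        ':eintrag'    => $f['gasteintrag'],
        ':geschlecht' => $f['geschlechti'],
    ));
}

// 3) The XSS side: the stored name and wohnort fields are untrusted whatever
//    was checked on input, so they are HTML-escaped when the guestbook page
//    is rendered. ENT_QUOTES also escapes single quotes, so the values are
//    safe inside quoted attributes as well as in element content.
function renderEntry(array $row)
{
    $h = function ($v) { return htmlentities($v, ENT_QUOTES, 'UTF-8'); };
    return '<p><b>' . $h($row['name']) . '</b> (' . $h($row['wohnort']) . ')<br>'
         . nl2br($h($row['eintrag'])) . '</p>';
}

// Usage sketch (assumed PDO DSN and credentials):
// $pdo = new PDO('mysql:host=localhost;dbname=gaestebuch;charset=utf8', 'user', 'pass');
// $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// insertCommentPrepared($pdo, 'kommentare', $_POST, time(), $_SERVER['REMOTE_ADDR'],
//                       gethostbyaddr($_SERVER['REMOTE_ADDR']));
```

Escaping on input (as section 1 frames the missing check) and escaping on output are not interchangeable: the database should hold the text the visitor typed, and the HTML escaping belongs at the point where that text is written into a page, so that it is applied once, with the right rules, for every code path that displays the entry.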

