9th Apr 2003 [SBWID-6127]
COMMAND
Orplex guestbook script injection
SYSTEMS AFFECTED
current version
PROBLEM
Black Tigerz Research Group [http://www.blacktigerz.org] found the
following about Orplex, a free ASP guestbook. Main features are:
inserting smileys as icons; web-based administration; bad word
filtering. [http://www.orplex.com].
addentry.asp neglects to filter user input, allowing script
injection into the guestbook via the "Name" and "Message" fields. The
injected script will be executed in the browser of anyone who visits
the guestbook.
SOLUTION
Unknown
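
The step missing from addentry.asp, as described under PROBLEM, is encoding of the submitted fields before they are written into the page. The classic ASP (VBScript) code below is an added example, not Orplex code and not part of the original advisory; the function names, length limits, smiley tokens and icon paths are assumptions. It HTML-encodes the Name and Message values first and applies the smiley feature afterwards, so markup only ever comes from constants.

```asp
<%
Option Explicit

' Hypothetical helper (not from Orplex): encode untrusted text for an
' HTML element body, then apply smiley replacement on the encoded string.
Function RenderField(ByVal raw, ByVal maxLen, ByVal allowSmileys)
    Dim s
    ' & "" turns Null/Empty into "" so Trim and Left never fail.
    s = Left(Trim(raw & ""), maxLen)
    ' Encode BEFORE inserting any markup: < > & " become entities.
    s = Server.HTMLEncode(s)
    If allowSmileys Then
        ' Tokens must not contain & # or ; or they could match inside an
        ' entity such as &quot; and corrupt the encoded output.
        s = Replace(s, ":-)", "<img src=""/icons/smile.gif"" alt="":-)"">")
        s = Replace(s, ":-(", "<img src=""/icons/sad.gif"" alt="":-("">")
        ' Line breaks are the only other markup added, also a constant.
        s = Replace(s, vbCrLf, "<br>")
    End If
    RenderField = s
End Function

' Hypothetical display routine: the name is plain text only, the message
' gets smileys and line breaks.
Sub WriteEntry(ByVal visitorName, ByVal message)
    Response.Write "<div class=""entry""><b>" & _
        RenderField(visitorName, 50, False) & "</b><p>" & _
        RenderField(message, 2000, True) & "</p></div>"
End Sub

' Constructed sample input: a name containing markup is shown as text.
WriteEntry "<script>alert(1)</script>", "Nice site :-)"
%>
```

Encoding at display time also neutralizes entries that were stored before the change, which filtering only in addentry.asp would not.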