Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Guestbooks :: a6127.htm

Orplex guestbook script injection



9th Apr 2003 [SBWID-6127]
COMMAND

	Orplex guestbook script injection

SYSTEMS AFFECTED

	current version

PROBLEM

	Black   Tigerz   Research   Group   [http://www.blacktigerz.org]   found
	following  about  Orplex,  a  free  asp  guestbook.  Main  fetures  are:
	inserting  smiles  as  icons;   web-based   administration;   bad   word
	filtering. [http://www.orplex.com].
	
	addentry.asp  neglects  filtering  user  input   allowing   for   script
	injection  to  the  guestbook  via  "Name"  and  "Massage"  fields.  The
	injected script will be executed  in  anyones  browser  who  visits  the
	guestbook.

SOLUTION

	Unknown


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH