10th Apr 2003 [SBWID-6134]
COMMAND
ISC guestbook script injection vulnerability
SYSTEMS AFFECTED
current version
PROBLEM
Black Tigerz Research Group [www.blacktigerz.org] found the following about
ISC guestbook, a free, easy-to-use ASP-powered guestbook. Main features
are: web-based administration, bad word filtering
[http://www.isc-online.at/].
gb_eintragen.asp does not filter user input, allowing script
injection into the guestbook via the "Ihr Name", "Ihre EMail" and "Ihre
Homepage" fields. The injected script will be executed in the browser
of anyone who visits the guestbook.
SOLUTION
??
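One way to close the hole described under PROBLEM, shown as an added classic ASP (VBScript) example that is not ISC guestbook code and not part of the advisory: validate the three fields and HTML-encode them before they are written into the guestbook page. The form field names (name, email, homepage), the length limits and the helper function names are assumptions; the advisory gives only the visible labels.

```asp
<%
Option Explicit
' Assumed field names: "name", "email", "homepage". The advisory names
' only the labels "Ihr Name", "Ihre EMail" and "Ihre Homepage".

' Cap the length, then HTML-encode so <, >, & and " render as plain text.
Function SafeText(raw, maxLen)
    SafeText = Server.HTMLEncode(Left(Trim(raw & ""), maxLen))
End Function

' True when the whole value matches the regular expression (case-insensitive).
Function Matches(value, pattern)
    Dim re
    Set re = New RegExp
    re.Pattern = pattern
    re.IgnoreCase = True
    Matches = re.Test(value)
End Function

' The homepage is written into an href, so encoding alone is not enough:
' accept only http/https URLs and drop anything else (javascript:, data:, ...).
Function SafeHomepage(raw)
    Dim url
    url = Left(Trim(raw & ""), 200)
    SafeHomepage = ""
    If Matches(url, "^https?://[^\s""'<>]+$") Then SafeHomepage = Server.HTMLEncode(url)
End Function

' The e-mail address is written into a mailto: link; accept only a plain address.
Function SafeEmail(raw)
    Dim addr
    addr = Left(Trim(raw & ""), 100)
    SafeEmail = ""
    If Matches(addr, "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$") Then SafeEmail = Server.HTMLEncode(addr)
End Function

Dim entryName, entryMail, entryUrl
entryName = SafeText(Request.Form("name"), 60)
entryMail = SafeEmail(Request.Form("email"))
entryUrl  = SafeHomepage(Request.Form("homepage"))
%>
<p><strong><%= entryName %></strong>
<% If entryMail <> "" Then %> <a href="mailto:<%= entryMail %>"><%= entryMail %></a><% End If %>
<% If entryUrl <> "" Then %> <a href="<%= entryUrl %>" rel="nofollow"><%= entryUrl %></a><% End If %>
</p>
```

Entries already stored in the guestbook need the same encoding at display time, since they were saved before any filtering existed.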