Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Guestbooks :: a6134.htm

ISC guestbook script injection vulnerability



10th Apr 2003 [SBWID-6134]
COMMAND

	ISC guestbook script injection vulnerability

SYSTEMS AFFECTED

	current version

PROBLEM

	Black Tigerz Research Group [www.blacktigerz.org] found following  about
	ISC guestbook, Free, easy to use asp  powered  guestbook.  Main  fetures
	are:     web-based     administration,      bad      word      filtering
	[http://www.isc-online.at/].
	
	gb_eintragen.asp neglects  filtering  user  input  allowing  for  script
	injection to the guestbook  via  "Ihr  Name",  "Ihre  EMail"  and  "Ihre
	Homepage" fields. The  injected  script  will  be  executed  in  anyones
	browser who visits the guestbook.

SOLUTION

	??


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH