
FipsGuestbook script injection

16th Apr 2003 [SBWID-6161]
COMMAND

	FipsGuestbook script injection

SYSTEMS AFFECTED

	Version 1.12.7

PROBLEM

	Black Tigerz Research Group reported a vulnerability in FipsGuestbook,
	an easy-to-install guestbook manager written entirely in ASP and
	VBScript, with a web-based administration panel.
	
	Vulnerability:
	
	new_entry.asp does not filter user input, allowing script injection
	into the guestbook via the "Name" field. The injected script is
	executed in the browser of anyone who visits the guestbook.
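
	The missing control, sketched in classic ASP as an added example. This
	is not FipsGuestbook source code; the form field name "name", the
	50-character limit and the table-cell markup are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: hypothetical entry handling, not FipsGuestbook's own code.
' The field name "name" and MAX_NAME_LEN are assumptions.

Const MAX_NAME_LEN = 50

' Normalise the submitted name before it is stored: drop control
' characters, trim surrounding whitespace and cap the length.
Function NormalizeName(raw)
    Dim i, ch, code, result
    result = ""
    For i = 1 To Len(raw)
        ch = Mid(raw, i, 1)
        code = AscW(ch)
        ' AscW returns negative values for code points >= &H8000,
        ' so negatives are ordinary characters, not control codes.
        If code < 0 Or (code >= 32 And code <> 127) Then
            result = result & ch
        End If
    Next
    NormalizeName = Left(Trim(result), MAX_NAME_LEN)
End Function

Dim visitorName
visitorName = NormalizeName(Request.Form("name") & "")

' Vulnerable pattern (what the advisory describes): the value is written
' into the page as markup, so any tags it contains are interpreted.
'   Response.Write "<td>" & visitorName & "</td>"

' Hardened pattern: encode at output. Server.HTMLEncode turns <, >, &
' and " into entities, which is sufficient for element content.
Response.Write "<td>" & Server.HTMLEncode(visitorName) & "</td>"
%>
```

	Encoding belongs at every place a stored entry is rendered, including
	the web-based administration panel, so that entries already in the
	guestbook are displayed as text as well.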

SOLUTION

	??
