Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Guestbooks :: b06-3710.htm

hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities



hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities
hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----=0D
Hash: SHA1=0D
=0D
      Advisory: hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities=0D
  Release Date: 2006/07/18=0D
 Last Modified: 2006/07/18=0D
        Author: Tamriel [tamriel at gmx dot net]=0D
   Application: hdweGUEST 2.1.1=0D
          Risk: Low=0D
 Vendor Status: contacted | no reply | no patch available=0D
Vendor Site: www.huttenlocher-webdesign.de=0D 
=0D
 Overview:=0D
=0D
Quote from www.huttenlocher-webdesign.de=0D 
=0D
   "hwdeGUEST ist ein Gaestebuch geschrieben in PHP. Es bietet dem =0D
    Betreiber eine Vielzahl von Moeglichkeiten"=0D
=0D
=0D
 Details:=0D
=0D
      In the new_entry.php are some possible cross site scripting=0D
      vulnerabilities.=0D
=0D
      This can be used to insert malicious code that will be executed=0D
      on the client's machine.=0D
=0D
      All user inputs are not checked by the script, only in this lines=0D
      (arround line 250-255)=0D
=0D
      ...=0D
=0D
      $username=trim($username);=0D
      $usernachricht=trim($usernachricht);=0D
      if($GLOBALS[html_allowed]==0)=0D
        {$usernachricht=strip_tags($usernachricht);}=0D
=0D
      ...=0D
=0D
      and the mail input is checked by this function:=0D
      (arround line 70-80)=0D
=0D
      ...=0D
=0D
      if(strstr($adresse,"@"))=0D
         {=0D
            $temp_adresse=explode("@",$adresse);=0D
            if(strstr($temp_adresse[1],"."))=0D
               {=0D
                  if(strlen($adresse)<8)=0D
                     {return false;}=0D
                     else=0D
                        {return true;}=0D
               }=0D
                else=0D
                   {return false;}=0D
         }=0D
=0D
      ...=0D
=0D
=0D
 Proof of Concept:=0D
=0D
      Insert HTML/JS Code like "name" into the name input field =0D
      on "new entry" page.=0D
=0D
=0D
 Solution/Note:=0D
=0D
      It is strongly recommended to update your script by yourself.=0D
      Use the htmlentities() function and replace some insecure functions=0D
      like the checke_email()'s one with proper code.=0D
=0D
 Greets:=0D
=0D
      Greets fly out to all people at bluegeek.de=0D
=0D
-----BEGIN PGP SIGNATURE-----=0D
Version: GnuPG v1.4.3=0D
=0D
iD8DBQFEvUFbqBhP+Twks7oRAuMvAJ9DVq0ByFhWguU4iss8V3Z2mzk9KACfTp/u=0D
ZjypE373XsBXJW4HJNURdHc==0D
=Q3xe=0D
-----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH