Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Guestbooks :: bt1478.txt

Orplex guestbook script injection. CGI:






----- Original Message ----- 
From: "drG4njubas" <drG4nj@mail.ru>
To: <bugtraq@securityfocus.com>
Sent: Monday, April 07, 2003 1:01 AM
Subject: Orplex guestbook script injection.


> This advisory and other useful files can
> be found at http://www.blacktigerz.org
> 
> 
> Date:
> 07.04.2003
> 
> Subject:
> Orplex guestbook script injection.
> 
> Description:
> Free asp guestbook. Main fetures are:inserting 
> smiles as icons; web-based administration; bad word 
> filtering.
> 
> Vendor:
> Orplex consulting inc.
> http://www.orplex.com
> 
> Vulnerability:
> addentry.asp neglects filtering user input allowing 
> for script injection to the guestbook via "Name" 
> and "Massage" fields. The injected script will be 
> executed in anyones browser who visits the guestbook.
> 
> 
> Black Tigerz Research Group
> We are:Areus,Barracuda,n1Tr0f4n,Velzevol,drG4njubas.
> Please visit our website: http://www.blacktigerz.org 
> 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH