SecurityvulnsSECURITYVULNS:DOC:11966[Full-disclosure] HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities
HYSA-2006-006 h4cky0u.org Advisory 015
Date - Mon March 27 2006
TITLE:
G-Book 1.0 XSS, Possible authentication bypass & mass message flood
SEVERITY:
High
SOFTWARE:
G-Book 1.0
Support Website - http://www.6al.net/six/
INFO:
G-book is extremely simple to customize and publish. There is no need for a
MySQL Database. The script incorporates features
such as administration panel, MESSAGE APPROVAL, smilies, divided posts by
pages etc. Its graphics can be altered effortlessly
through the CSS file. In addition, G-book supports multiple languages.
DESCRIPTION:
G-Book 1.0 is vulnerable to a XSS attack and you can also get admin access
to the guestbook if the user hasn't deleted his
cookie.
β==XSS==β
In the message board post a message with something like this:
<script>alert();</script>
Another bug in G-Book is that a user can post as many messages as he wants
to.
FIX:
htmlspecialchars + a logout button which will destroy the cookies and post
cotrol.
VENDOR RESPONSE:
Bug will be fixed in the next version.
CREDITS:
- This vulnerability was discovered and researched by matrix_killer of
h4cky0u Security Forums -
mail : matrix_k at abv.bg
web : http://www.h4cky0u.org
- Co-Researcher -
h4cky0u of h4cky0u Security Forums.
mail : h4cky0u at gmail.com
web : http://www.h4cky0u.org
Greets to all omega-team members + krassswr,EcLiPsE and all who support us
!!!
ORIGINAL ADVISORY:
http://www.h4cky0u.org/advisories/HYSA-2006-006-g-book.txt
β
http://www.h4cky0u.org
(In)Security at its bestβ¦