Advertisement






[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting

CVE Category Price Severity
N/A CWE-79 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2006-08-03
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006080008

Below is a copy:

[MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting

------------------------------------------------------------------------
----------------

Software: Fire-Mouse TopList v1.1

Version: 1.1

Type: Cross site scripting

Vendor: Fire-Mouse.com

Page: http://www.fire-mouse.com

TIMELINE:

----------------------------------------------

Discovered: July, 17th 2006

Contacted Vendor: July, 18th 2006

Made public: July, 22th 2006

Credits:

----------------------------------------------

Discovered by: David Vieira-Kurz

http://www.majorsecurity.de

Original Advisory:

----------------------------------------------

http://www.majorsecurity.de/advisory/major_rls24.txt

Affected Products:

----------------------------------------------

Fire-Mouse TopList v1.1 and prior

Description:

----------------------------------------------

Advanced Guestbook is a PHP-based guestbook script.

It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning ,

html tags handling, smilies, advanced guestbook codes and language support.

The admin script lets you modify, view, and delete messages. Requires PHP4 and MySQL.

Requirements:

----------------------------------------------

register_globals = On

Vulnerabilities:

----------------------------------------------

XSS:

Input passed directly to the "Seitenname" parameter in "add.php" is not properly sanitised before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

It works with a script code like this:

>'><script>alert('MajorSecurity')</script>

Solution:

----------------------------------------------

Edit the source code to ensure that input is properly sanitised.

You should work with "htmlspecialchars()" or "htmlentities()" php-function to ensure that html tags

are not going to be executed.

Example:

<?php

$pass = htmlentities($_POST['pass']);

echo htmlspecialchars("<script");

?>

Set "register_globals" to "Off".

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum