logo Home

Untitled Document

Home > Archives Advisories > Articles


Untitled Document

Untitled Document

CGI-City's CCGuestBook Script Injection Vulns
Date: 2003-03-30

Author : BrainRawt . <brainrawt@hotmail.com>

CGI-City's CCGuestBook Script Injection Vulnerabilities
Discovered By BrainRawt (brainrawt@hotmail.com)

About CCGuestBook:
------------------
CC Guestbook is a simple guestbook program that is very easy
to configure and install. It features a notification facility
which sends an email alert to the guestbook owner whenever new
entries are made. It may also be used as a post-it board to
allow visitors to a web site to just post messages.

CCGuestBook can be downloaded from the following address.

http://www.icthus.net/CGI-City/scr_cgicity.shtml#CCGUEST


Vendor Contact:
----------------
1-30-03 Emailed cgicity@icthus.net

No Response

Vulnerability:
----------------
cc_guestbook.pl neglects filtering user input allowing for script
injection to the guestbook via "name" and "webpage title". The
injected script will be executed in anyones browser who visits
the guestbook.


Exploit (POC):
----------------
<script>alert('obvious?')</script>




 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy