[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)
From: SecuriTeam (support_at_securiteam.com)
Date: 11/02/03
- Previous message: SecuriTeam: "[TOOL] NSTX - Nameserver Transfer Protocol"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 2 Nov 2003 17:26:07 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)
------------------------------------------------------------------------
SUMMARY
MPM Guestbook, "a simple guestbook with multi-language support", allows
remote attacker to inject arbitrary HTML and/or JavaScript into the web
page and to cause the product to disclose the directory under which it was
installed.
DETAILS
Vulnerable systems:
* MPM Guestbook version 1.2
The vulnerabilities are caused due to missing validation of input supplied
to the "lng" parameter. Whenever an invalid "lng" parameter is provided,
an error page is returned with the parameter (unfiltered). This can be
exploited to cause the page to include arbitrary HTML and/or JavaScript,
which will be executed in the user's browser session. The vulnerability
will allow you to reveal the path under which the program has been
installed.
Example:
http://[victim]/guestbook/?number=5&lng=%3Cscript%3Ealert(document.domain);%3C/script%3E
ADDITIONAL INFORMATION
The information has been provided by <mailto:iamroot@systemsecure.org>
David S. Ferreira.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[TOOL] NSTX - Nameserver Transfer Protocol"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
