SCSA008.txt

SCSA008.txt: Posted Mar 4, 2003; Authored by Gregory Le Bras | Site security-corp.org; Security Corporation Security Advisory [SCSA-008]: PY-Livredor, an easy to use guestboot script using PHP4 and MySQL, has a Cross-Site Scripting vulnerability which allows attackers to inject script codes into the guestbook and use them on clients browser as if they were provided by the website.; tags | advisory, xss; SHA-256 | 8e452a589bcc5d7f1921b78aac7837a947c605a6c2a5dd92adfcfa8b5afe4b97; Download | Favorite | View

SCSA008.txt

________________________________________________________________________

Security Corporation Security Advisory [SCSA-008]
________________________________________________________________________

PROGRAM: PY-Livredor
HOMEPAGE: http://www.py-scripts.com
                       http://www.scripts-php.com
VULNERABLE VERSIONS: v1.0
________________________________________________________________________

DESCRIPTION
________________________________________________________________________

PY-Livredor is an easy guestbook script using Php4 and MySql with
an administration which allow messages deletion.


DETAILS
________________________________________________________________________

A Cross-Site Scripting vulnerability have been found in PY-Livredor
which allow attackers to inject script codes into the guestbook and use
them on clients browser as if they were provided by the website.

This Cross-Site Scripting vulnerability are found in the page for
posting messages (index.php)

An attacker can input specially crafted links and/or other
malicious scripts.


EXPLOIT
________________________________________________________________________

A vulnerability was discovered in the page for posting messages,
at this adress :

http://[target]/livredor/index.php


The vulnerability is at the level of the interpretation of the "titre",
"Votre pseudo", "Votre e-mail", "Votre message" fields.

Indeed, the insertion of a hostile code script in this field makes it
possible to a malicious user to carry out this script on the navigator
of the visitors.


The hostile code could be :

[script]alert("Cookie="+document.cookie)[/script]

(open a window with the cookie of the visitor.)

(replace [] by <>)


SOLUTIONS
________________________________________________________________________

No solution for the moment.


VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified.


LINKS
________________________________________________________________________

http://www.security-corp.org/index.php?ink=4-15-1

Version Française :

http://www.security-corp.org/advisories/SCSA-008-FR.txt


------------------------------------------------------------
Grégory Le Bras aka GaLiaRePt | http://www.Security-Corp.org
------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

SCSA008.txt

SCSA008.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SCSA008.txt

Share This

SCSA008.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems