Emefa Guestbook 1.2 is reportedly vulnerable to an HTML injection vulnerability due to a lack of properly sanitized user-supplied input.
Ref: SS#17082005
SYSTEMSECURE.ORG - Advisory/Exploit
* PUBLIC ADVISORY *
Software:
Emefa Guestbook v1.2
Link:
http://www.emefa.myserver.org/comp/guestview.php
Attacks:
HTML Injection Vulnerability
Discovered by:
David Sopas Ferreira [SmOk3] » smok3f00 at gmail.com
-- ! Description !--
Emefa Guestbook is reportedly vulnerable to an HTML injection vulnerability. This is due to the application failing to properly sanitize user-supplied input. The problem is in the file "sign.asp", in the fields name, email, location and message. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
PoC:
All fields on "sign.asp":
<h1>can be exploited</h1>
-- ! Solution !--
Filter malicious code out of the variables.
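
As an added example (not code from this advisory or from Emefa Guestbook), the four fields named above are normalised on input and HTML-encoded at output, and the advisory's PoC string is passed through all of them. Python stands in for the application's ASP code; the length limits, e-mail pattern and page markup are assumptions.

```python
import html
import re

# Field names come from the advisory; the length limits are assumed values.
FIELD_LIMITS = {"name": 64, "email": 254, "location": 64, "message": 2000}
EMAIL_RE = re.compile(r"[^@\s<>\"']+@[^@\s<>\"']+\.[^@\s<>\"']+")
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def clean_entry(form):
    """Normalise a submission: drop control characters, trim, enforce limits."""
    entry = {}
    for field, limit in FIELD_LIMITS.items():
        value = CONTROL_CHARS.sub("", str(form.get(field, ""))).strip()
        entry[field] = value[:limit]
    # An e-mail field has a known shape, so anything else is stored as empty.
    if not EMAIL_RE.fullmatch(entry["email"]):
        entry["email"] = ""
    return entry


def render_entry(entry):
    """Build the guestbook HTML, encoding every stored value at output time."""
    safe = {k: html.escape(v, quote=True) for k, v in entry.items()}
    message = safe["message"].replace("\r\n", "\n").replace("\n", "<br>\n")
    return (
        '<div class="entry">\n'
        f'  <p class="who">{safe["name"]} ({safe["location"]})</p>\n'
        f'  <p class="mail">{safe["email"]}</p>\n'
        f'  <p class="text">{message}</p>\n'
        "</div>"
    )


def demo():
    """Submit the advisory's PoC string in all four fields and render it."""
    poc = "<h1>can be exploited</h1>"  # the PoC value shown in the advisory
    form = {field: poc for field in FIELD_LIMITS}
    return render_entry(clean_entry(form))


if __name__ == "__main__":
    print(demo())
```

Encoding at output time means entries already stored before the fix are rendered as text as well.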
-- ! Vendor !--
Contacted; did not reply.
<base64>Rm9y52EgUG9ydHVnYWw=</base64>
-EOF-