@lex Guestbook Index.PHP Multiple Input Validation Vulnerabilities

Bugtraq ID:	21373
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 30 2006 12:00AM
Updated:	Dec 05 2006 07:29PM
Credit:	Mr_KaLiMaN is credited with the discovery of these vulnerabilities.
Vulnerable:	@lexPHPTeam @lex Guestbook 4.0.1
Not Vulnerable:	@lexPHPTeam @lex Guestbook 4.0.2

@lex Guestbook Index.PHP Multiple Input Validation Vulnerabilities

@lex Guestbook is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user and to retrieve sensitive information. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Version 4.0.1 is vulnerable to these issues.

@lex Guestbook Index.PHP Multiple Input Validation Vulnerabilities

An attacker can trigger this vulnerability by enticing a victim user to follow a malicious URI.

@lex Guestbook Index.PHP Multiple Input Validation Vulnerabilities

Solution:
The vendor has released an update to address these issues; please see the references for more information.

@lex Guestbook Index.PHP Multiple Input Validation Vulnerabilities

References:

• @lex Guestbook Homepage (@lexPHPTeam)
  
• @lex Guestbook 4.0.1 : Full Path Disclosure & XSS ([email protected])