Toms Gastebuch Header.PHP Multiple Cross-Site Scripting Vulnerabilities
BID:25598
Info
| Bugtraq ID: | 25598 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4896 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 08 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | hd1979 is credited with discovering these vulnerabilities. |
| Vulnerable: | Toms-Seiten.at Toms Gastebuch 1.01, Toms-Seiten.at Toms Gastebuch 1.00 |
| Not Vulnerable: | Toms-Seiten.at Toms Gastebuch 1.02 |
Discussion
Toms Gastebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
These issues are related to the vulnerabilities discussed in BID 25507 (Toms Gästebuch Multiple Cross-Site Scripting Vulnerabilities) and may be a result of an incomplete fix for those issues.
Exploit / POC
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
The following example URI is available:
http://www.example.com//admin/header.php?lang[adminseite]=XSS&lang[ueberschrift]=XSS&einst[metachar]=XSS
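Requests of this shape can be found in web server access logs. The following is an added example, not part of the original advisory or the vendor's code; it assumes common log format, and the function names, severity labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Array names taken from the advisory's example URI; everything else here is
# an assumption of this example (log format, severity labels, function names).
WATCHED_ARRAYS = {"lang", "einst"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r"[<>\"']")  # characters that matter once echoed into HTML

def inspect_target(target):
    """Return (param, decoded value, has_markup) for watched params sent to header.php."""
    raw_path, _, query = target.partition("?")
    # Collapse repeated slashes so "//admin/header.php" (as in the advisory) still matches.
    path = re.sub(r"/+", "/", unquote(raw_path)).lower()
    if not path.endswith("/admin/header.php"):
        return []
    hits = []
    # parse_qsl percent-decodes names and values, so lang%5Bx%5D is seen as lang[x].
    for name, value in parse_qsl(query, keep_blank_values=True):
        base, bracket, _ = name.partition("[")
        if bracket and base in WATCHED_ARRAYS:
            hits.append((name, value, bool(MARKUP_RE.search(value))))
    return hits

def scan(lines):
    """Scan access-log lines; return one finding per watched parameter seen."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for name, value, markup in inspect_target(match.group(1)):
            findings.append({"line": lineno, "param": name, "value": value,
                             "severity": "high" if markup else "review"})
    return findings

# Constructed sample log lines (documentation addresses, harmless values).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Sep/2007:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [08/Sep/2007:10:00:05 +0000] "GET //admin/header.php?lang[adminseite]=XSS&einst[metachar]=XSS HTTP/1.1" 200 734',
    '192.0.2.12 - - [08/Sep/2007:10:00:09 +0000] "GET /admin/header.php?lang%5Bueberschrift%5D=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 734',
    '192.0.2.13 - - [08/Sep/2007:10:00:12 +0000] "GET /admin/header.php HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings marked "review" supplied one of the arrays without markup characters; "high" means the decoded value contained characters that change meaning when written into HTML unescaped.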
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Toms-Seiten.at Toms Gastebuch 1.00
- Toms-Seiten.at Toms Gastebuch 1.02
  http://www.toms-seiten.at/iv_downloads/details.php?dl_id=3&language=de
References
References:
- Toms Gästebuch Download Page (Toms-Seiten.at)
- Re: Re: Re: Toms Gastebuch 1.00 - XSS ([email protected])
- Re: Re: Toms Gästebuch 1.00 - XSS (hd1979)