Web Fresh Fresh Guest Book HTML Injection Vulnerability
BID:9995
Info
| Bugtraq ID: | 9995 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2004 12:00AM |
| Updated: | Mar 29 2004 12:00AM |
| Credit: | Discovery of this issue is credited to koi8-r Shelz <[email protected]> |
| Vulnerable: | Web Fresh Fresh Guest Book MySQL 1.0; Web Fresh Fresh Guest Book 2.1; Web Fresh Fresh Guest Book 2.0 |
| Not Vulnerable: | |
Discussion
It has been reported that Fresh Guest Book is prone to a remote HTML injection vulnerability. The issue is due to the application's failure to properly sanitize user-supplied form input.
An attacker may exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal that user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible.
Exploit / POC
No exploit is required to leverage this issue. The following proof of concept has been provided.
Pass the following into the application through the 'Name' field:
<script>alert('xss');</script>
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
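One way to mitigate this class of bug is to HTML-encode every user-supplied field when the entry is written into the page. The following is an added example, not code from Fresh Guest Book or from the original advisory; the template markup, the function names and the 'message' field are assumptions. It renders the proof-of-concept 'Name' value through a vulnerable and a hardened template and reports which elements a parser sees that the template did not emit.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the 'Name' value from the advisory's proof of concept.
POC_NAME = "<script>alert('xss');</script>"


def render_entry_unsafe(name, message):
    """Vulnerable pattern: form input is concatenated into the page as-is."""
    return f'<div class="entry"><b>{name}</b><p>{message}</p></div>'


def render_entry_safe(name, message):
    """Hardened pattern: encode every user-supplied field at output time."""
    # quote=True also encodes " and ', so the value stays inert in attributes.
    return '<div class="entry"><b>{}</b><p>{}</p></div>'.format(
        html.escape(name, quote=True), html.escape(message, quote=True)
    )


class _TagCollector(HTMLParser):
    """Records the name of every start tag found in the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


# The only elements the (hypothetical) entry template itself emits.
ALLOWED_TAGS = {"div", "b", "p"}


def injected_tags(markup):
    """Return elements in a rendered entry that the template did not emit."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return [t for t in collector.tags if t not in ALLOWED_TAGS]


if __name__ == "__main__":
    print("unsafe:", injected_tags(render_entry_unsafe(POC_NAME, "hello")))
    print("safe:  ", injected_tags(render_entry_safe(POC_NAME, "hello")))
```

The same `injected_tags` check can run as a regression test over stored guest book entries after the encoding change is deployed.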