
BG Guestbook Cross Site Scripting

by Nikola Strahija on March 18th, 2002. BG GuestBook is a PHP guestbook that uses MySQL, has a Macromedia Flash interface, and can also run as plain HTML where Flash is not supported.


A Cross Site Scripting vulnerability exists in BG
GuestBook. This would allow a remote attacker to
send information to victims from untrusted web
servers, and make it look as if the information
came from the legitimate server.


Details
-------
Both the Flash and HTML only versions are
vulnerable to Cross Site Scripting attacks.
All of the input fields (including name, email, AIM,
location, website and message) in the posting form
are vulnerable to this type of attack.


Example input to any of the above fields:
<script>alert("ALPERz was here!")</script>

After submitting this information, whenever anyone
browses the guestbook's main page, the script will
take effect.


Solution
--------
The vendor confirmed the vulnerability and released a
new version on the same day the bug was discovered.

I suggested the following as a workaround: strip HTML
tags, and possibly other malicious code, within
"signgbook.php". At the beginning of "signgbook.php"
add the lines below:

# Patch Start
# Remove HTML tags from every posting-form field before it is stored or shown.
# The bare variables below are the form fields as PHP's register_globals
# exposed them at the time.
$name    = strip_tags($name);
$email   = strip_tags($email);
$aimscr  = strip_tags($aimscr);
$website = strip_tags($website);
$loc     = strip_tags($loc);
$msg     = strip_tags($msg);
# Patch End
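The following stand-alone PHP script is an added illustration; it is neither part of this advisory nor BG GuestBook's code. It applies the advisory's strip_tags workaround to an explicit input array (instead of register_globals) and then adds the defence a practitioner would rely on today: HTML-encoding every field at render time, so whatever reached the database is displayed as text rather than parsed as markup. The field names follow the patch above; the sample post, the helper names (sanitize_input, h, render_entry) and the entry layout are constructed for the example.

```php
<?php
// Added example (not BG GuestBook code): two layers of XSS defence for a guestbook entry.
// Layer 1 (the advisory's workaround): strip tags from input before storing.
// Layer 2 (the robust fix): HTML-encode every field when rendering the page,
// so the stored text is shown literally, never interpreted by the browser.

// Field names of the posting form, as listed in the advisory.
const GUESTBOOK_FIELDS = ['name', 'email', 'aimscr', 'website', 'loc', 'msg'];

// Layer 1: the advisory's strip_tags workaround, applied to an explicit input
// array instead of the register_globals variables the original patch assumed.
function sanitize_input(array $post): array
{
    $clean = [];
    foreach (GUESTBOOK_FIELDS as $field) {
        $clean[$field] = strip_tags((string) ($post[$field] ?? ''));
    }
    return $clean;
}

// Layer 2: output encoding. ENT_QUOTES also encodes ' and ", which keeps a
// value inside an attribute's quotes; ENT_SUBSTITUTE avoids dropping a field
// that contains invalid UTF-8.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one entry the way the guestbook's main page lists it (constructed layout).
function render_entry(array $entry): string
{
    $html  = "<div class=\"entry\">\n";
    $html .= "  <b>" . h($entry['name']) . "</b> (" . h($entry['loc']) . ")\n";
    // Attribute context and text context both go through h().
    $html .= "  <a href=\"" . h($entry['website']) . "\">" . h($entry['website']) . "</a>\n";
    $html .= "  <p>" . nl2br(h($entry['msg'])) . "</p>\n";
    $html .= "</div>\n";
    return $html;
}

// Constructed sample post, using the payload quoted in the advisory as the message.
$post = [
    'name'    => 'visitor',
    'email'   => 'visitor@example.invalid',
    'aimscr'  => '',
    'website' => 'http://www.example.invalid/',
    'loc'     => 'nowhere',
    'msg'     => '<script>alert("ALPERz was here!")</script>',
];

// With neither layer the stored message is emitted verbatim: this is the bug.
echo "Unsafe render:\n<p>" . $post['msg'] . "</p>\n\n";

// Layer 1 only: the <script> tags are removed and only their text remains.
$stored = sanitize_input($post);
echo "After strip_tags: ", var_export($stored['msg'], true), "\n\n";

// Layer 2 on the raw, unstripped post: the markup is displayed, not executed.
echo "Encoded render of the raw post:\n", render_entry($post);
```

Run it with `php example.php`. The encoded render emits `&lt;script&gt;alert(&quot;ALPERz was here!&quot;)&lt;/script&gt;`, which the browser shows as literal text. strip_tags alone only removes tag markup and leaves the remaining characters as they were, so it is a useful input filter but not a complete defence; encoding at the point of output is the check that holds for every field regardless of what reached the database.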


Credits
-------
Discovered on 15, March, 2002 by
Ahmet Sabri ALPER
[email protected]
http://www.olympos.org


References
----------
Product Web Page: http://billyg.no-ip.com:8080/bggb/

