------------------------------------------------------------------
EXPL-A-2003-021 exploitlabs.com Advisory 021
------------------------------------------------------------------
                  -= Miatrade Guestbook =-

Aug 20, 2003
Donnie Werner
morning_wood@exploitlabs.com


Product:
--------
Miatrade guestbook
http://www.miatrade.com
http://www.google.com/keyword/Miatrade+Guestbook


Vulnerability:
--------------
1. persistent XSS


Description of product:
-----------------------
"Miatrade Guestbook gives you the ability to gather information from
your visitors. They can post a public message that may include: Name,
E-mail, url, Home page and Comments about your site. Miatrade guestbook
lets you keep in touch with who's visiting your site and is a great way
to make your site more interactive and keep visitors coming back."


VULNERABILITY / EXPLOIT
=======================
Miatrade guestbook does not filter HTML code from user-supplied input.
A remote user can create a specially crafted URL that, when loaded by a
target user, will cause arbitrary scripting code to be executed by the
target user's browser. The code will originate from the site running the
Miatrade guestbook software and will run in the security context of that
site.

persistent XSS rendered in fields:

[name] - [homepage] - [message]

live examples:

demo - sign
http://www.miatrade.com/cgi-bin/guest/sign.pl?fibi

demo - view
http://www.miatrade.com/cgi-bin/guest/view.pl?fibi


Local:
------
no


Remote:
-------
yes


Vendor Fix:
-----------
No fix on 0day


Vendor Contact:
---------------
Concurrent with this advisory
info@miatrade.com


Credits:
--------
Donnie Werner
co-founder / CTO e2-labs.com
morning_wood@e2-labs.com
http://exploitlabs.com
http://nothackers.org/about.php


Original advisory at
http://exploitlabs.com/files/advisories/EXPL-A-2003-021-miatrade-gb.txt
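
Added example (not part of the original advisory and not Miatrade's code): a sketch of the missing output encoding for the three fields named above, [name], [homepage] and [message]. The entry layout, the HTML template, the function names and the assumption that [homepage] is rendered as a link are hypothetical.

```python
# Added example: output encoding for the three fields the advisory names.
# Field names come from the advisory; the entry layout, template and the
# idea that [homepage] becomes an <a href> are assumptions.
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def safe_homepage(url):
    """Return the URL if it is an absolute http(s) link, else None."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url


def render_entry(entry):
    """Render one stored guestbook entry with every field HTML-escaped."""
    name = html.escape(entry.get("name", ""), quote=True)
    message = html.escape(entry.get("message", ""), quote=True)
    message = message.replace("\n", "<br>")  # only markup we add ourselves
    homepage = safe_homepage(entry.get("homepage", ""))
    if homepage is None:
        link = ""  # drop non-http(s) schemes instead of linking them
    else:
        href = html.escape(homepage, quote=True)
        link = f' <a href="{href}" rel="nofollow noopener">homepage</a>'
    return f'<div class="entry"><b>{name}</b>{link}<p>{message}</p></div>'


# Constructed sample entries: one benign, one carrying markup in each field.
SAMPLES = [
    {"name": "Alice", "homepage": "http://example.org/", "message": "Nice site!"},
    {"name": "<b>Bob</b>", "homepage": "javascript:void(0)",
     "message": "<script>alert(1)</script>"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(render_entry(sample))
```

Encoding at render time covers entries already stored by the guestbook as well as new submissions.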