Hello Bugtraq! I want to warn you about security vulnerabilities in SimpGB. Earlier I already wrote about other vulnerabilities in SimpGB - SecurityVulns ID: 10412 (http://securityvulns.ru/news/CGI/2009.11.19.html). ----------------------------- Advisory: Cross-Site Scripting vulnerabilities in SimpGB ----------------------------- URL: http://websecurity.com.ua/4252/ ----------------------------- Affected products: SimpGB V1.37.3 and previous versions. As I checked, in SimpGB v1.49.01 there still is XSS via Flash. ----------------------------- Timeline: 26.10.2009 - found vulnerabilities. 01.06.2010 - announced at my site. 02.06.2010 - informed developer. 14.07.2010 - disclosed at my site. ----------------------------- Details: These are Cross-Site Scripting (persistent XSS) vulnerabilities. XSS: There are persistent XSS in three functionalities of web application. POST request at pages: http://site/guestbook.php?lang=en&mode=new&layout=default http://site/guestbook.php?lang=en&mode=new&layout=default"e=1 http://site/admin/usered.php?lang=en&mode=comment&input_entrynr=1&entrylang=en <script>alert(document.cookie)</script> In field Name. [swf width=1 height=1]http://site/flash.swf[/swf] In field Text. The attack is possible on old versions of flash player, where there was less strict security policy and it was possible to execute JS-code from flash files from external sites. In 9 and next versions of flash player the attack will work only if swf-file will be at the same domain. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua
