____________________________________________________________________________
____________________________________________________________________________

01010111 01001001 01010010 01000101 01000100 01010011 -> 01000101 01000011 01010101 01010010 01001001 01010100 -> 01011001

____________________________________________________________________________

ADVISORY: IV GUESTBOOK 3.0.2 XSS VULNERABILITY

____________________________________________________________________________

|| 0x00: ABOUT ME
|| 0x01: DATELINE
|| 0x02: INFORMATION
|| 0x03: EXPLOITATION
|| 0x04: GOOGLE DORK
|| 0x05: RISK LEVEL

____________________________________________________________________________

_________________
|| 0x00: ABOUT ME

Author:  Blake
Date:    May 2008
Contact: 154 836 305 (ICQ)
Website: http://wired-security.net/

_________________
|| 0x01: DATELINE

2008-05-07: Bug found
2008-05-10: Advisory released

____________________
|| 0x02: INFORMATION

The iV Guestbook 3.0.2 and all older versions provided by
http://www.innovanique.de are vulnerable to JavaScript injection in multiple
ways. It is possible to execute code

The fields for "Name", "E-Mail", "Homepage" and "Ort/Place" are not sanitized,
and therefore all of them can be manipulated with malicious content.

_____________________
|| 0x03: EXPLOITATION

JavaScript Injection:

Go to the "Neuer Eintrag / New Entry" page of the guestbook software, normally
located at "ivguestbook.php?a=newentry", and input the needed JavaScript code
into the "Name" and/or "Shout" field. For example, a simple popup could be
constructed by inputting:

---
Note 1: Before you do a JavaScript injection, let's look at the code.
For example: you have to escape the ' value="" ' with a simple "> before your
main code.
---

"> ...

The more fields you manipulate, the more often the code will be executed!
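The root cause named in Note 1 is that a stored field is echoed straight into a value="" attribute, so a leading "> closes the attribute and the tag. The following PHP is an added example written for this advisory, not iV Guestbook's own code: it reconstructs that vulnerable rendering beside a hardened one that encodes for the attribute context, and adds the scheme check the "Homepage" field needs once it is turned into a link. The field names follow the advisory; the surrounding markup and the sample entry are assumed.

```php
<?php
declare(strict_types=1);

// Added example, not iV Guestbook's code. Field names follow the advisory
// (Name, E-Mail, Homepage, Ort/Place); the markup around them is assumed.

// Constructed sample entry. The leading "> in 'name' is the attribute break
// the advisory describes; the tag after it stands in for injected content.
// The 'homepage' value uses a non-http scheme to exercise the link check.
const SAMPLE_ENTRY = [
    'name'     => '"><b>injected</b>',
    'email'    => 'guest@example.invalid',
    'homepage' => 'mailto:guest@example.invalid',
    'place'    => 'Ort/Place value',
];

// Vulnerable rendering, as the advisory describes: raw data into value="".
function render_name_field_vulnerable(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Encoding for HTML element content and double- or single-quoted attributes.
// ENT_QUOTES turns both quote characters into entities, so a leading "> in the
// data becomes &quot;&gt; and stays inside the attribute. ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_name_field_safe(string $name): string
{
    return '<input type="text" name="name" value="' . e($name) . '">';
}

// Encoding alone is not enough once the Homepage field becomes an href:
// keep only http/https URLs and drop the link for anything else.
function safe_homepage_href(string $url): ?string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === null || $scheme === false) {
        return null;
    }
    return in_array(strtolower($scheme), ['http', 'https'], true) ? e($url) : null;
}

// Renders a stored entry back into the guestbook listing, which is where a
// stored injection would otherwise fire for every visitor.
function render_entry_safe(array $entry): string
{
    $href = safe_homepage_href($entry['homepage']);
    $home = $href === null
        ? e($entry['homepage'])
        : '<a href="' . $href . '" rel="nofollow">' . e($entry['homepage']) . '</a>';

    return '<div class="entry">'
        . '<span class="name">' . e($entry['name']) . '</span> '
        . '<span class="email">' . e($entry['email']) . '</span> '
        . '<span class="homepage">' . $home . '</span> '
        . '<span class="place">' . e($entry['place']) . '</span>'
        . '</div>';
}

// Quick self-check: markup smuggled in through user data shows up as extra
// '<' characters. The vulnerable field renders 3 tags, the hardened one 1.
function tag_count(string $html): int
{
    return substr_count($html, '<');
}

$vuln = render_name_field_vulnerable(SAMPLE_ENTRY['name']);
$safe = render_name_field_safe(SAMPLE_ENTRY['name']);
printf("vulnerable: %s  (tags: %d)\n", $vuln, tag_count($vuln));
printf("hardened:   %s  (tags: %d)\n", $safe, tag_count($safe));
echo render_entry_safe(SAMPLE_ENTRY), "\n";
```

Encoding is applied at output time, for every field and in every place an entry is printed (the "Neuer Eintrag" form's value="" attributes and the entry listing alike), which is what the "more fields you manipulate" remark in the advisory implies is missing. Sanitising on input would not help a field that is later placed into a different context, such as the Homepage value used as a link target.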
____________________
|| 0x04: GOOGLE DORK

intext:"iV Guestbook"

___________________
|| 0x05: RISK LEVEL

- LOW - (1/3)

- Happy Hacking

____________________________________________________________________________
____________________________________________________________________________

EOF