发布时间 :2002-08-12 00:00:00
修订时间 :2008-09-05 16:28:04

[原文]Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.

[CNNVD]BG Guestbook存在跨站脚本执行漏洞(CNNVD-200208-102)

        BG Guestbook是一款免费的WEB应用程序,运行在多种Unix和Linux系统平台下,也可运行于Windows平台下,支持HTML或者FLASH效果,由PHP实现并可用MySQL数据库作后台支持。
        BG Guestbook对用户输入过滤上存在漏洞,可使远程攻击者利用在相关输入栏中输入恶意脚本代码对其他浏览用户进行跨站脚本执行攻击。
        BG Guestbook在任何输入栏中(容易email、aim、站点等)的输入信息没有充分过滤,可导致攻击者在这些栏的内容中放入脚本代码,当其他用户浏览相关此连接的时候,脚本将在用户的浏览器中执行。攻击者可能借此得到用户基于COOKIE的认证信息。

- CVSS (基础分值)

CVSS分值: 7.6 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  XF  bgguestbook-post-css(8474)
(VENDOR_ADVISORY)  BUGTRAQ  20020316 [ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability

- 漏洞信息

BG Guestbook存在跨站脚本执行漏洞
高危 输入验证
2002-08-12 00:00:00 2006-04-07 00:00:00
        BG Guestbook是一款免费的WEB应用程序,运行在多种Unix和Linux系统平台下,也可运行于Windows平台下,支持HTML或者FLASH效果,由PHP实现并可用MySQL数据库作后台支持。
        BG Guestbook对用户输入过滤上存在漏洞,可使远程攻击者利用在相关输入栏中输入恶意脚本代码对其他浏览用户进行跨站脚本执行攻击。
        BG Guestbook在任何输入栏中(容易email、aim、站点等)的输入信息没有充分过滤,可导致攻击者在这些栏的内容中放入脚本代码,当其他用户浏览相关此连接的时候,脚本将在用户的浏览器中执行。攻击者可能借此得到用户基于COOKIE的认证信息。

- 公告与补丁

        * 编辑"signbook.php"加入如下过滤代码:
        # Patch Start
        $name= strip_tags ($name);
        $email= strip_tags ($email);
        $aimscr= strip_tags ($aimscr);
        $website= strip_tags ($website);
        $loc= strip_tags ($loc);
        $msg= strip_tags ($msg);
        # Patch End
        BG Guestbook
        BG Guestbook Upgrade BG Guestbook 1.1

- 漏洞信息

BG GuestBook signgbook.php Multiple Parameter XSS
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- 漏洞描述

BG Guestbook contains a flaw that allows a persistent remote cross site scripting attack via a POST request. This flaw exists because the application does not validate the $name, $email, $aimscr, $website, $loc, or $msg parameters upon submission to the "signgbook.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- 时间线

2003-03-16 Unknow
2003-03-15 Unknow

- 解决方案

Upgrade to version 1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

BG Guestbook Cross-Agent Scripting Vulnerability
Input Validation Error 4308
Yes No
2002-03-16 12:00:00 2009-07-11 11:56:00
Discovery of this issue is credited to Ahmet Sabri ALPER <>.

- 受影响的程序版本

BG Guestbook BG Guestbook 1.0
BG Guestbook BG Guestbook 1.1

- 不受影响的程序版本

BG Guestbook BG Guestbook 1.1

- 漏洞讨论

BG Guestbook is a freely available web application written in PHP, which is back-ended by a MySQL database. It can display content using either HTML or Flash. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

BG Guestbook is prone to cross-agent scripting attacks. This may enable a remote attacker to cause arbitrary script code to be executed in the browser of a legitimate web user, in the context of the site running the vulnerable software.

This issue is present in both the HTML and Flash versions of the vulnerable guestbook software.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: &lt;;.

- 解决方案

This issue has been addressed in version 1.1 of the software.

BG Guestbook BG Guestbook 1.0

- 相关参考