###########################################################################
# Advisory #1 Title: HTML Injection Vulnerability in Simpbook (all versions)
#
#
# Author: 0o_zeus_o0
# Contact: zeus@diosdelared.com
# Website: olimpusklan.org
# Date: 23/12/2005
# Risk: High
# Vendor Url: http://www.codegrrl.com
# Affected Software: Simpbook
# Non Affected:
#
# We Are: olimpus klan team
#
#================================================================
#TECHNICAL INFO:
#
#In the guest book, HTML can be injected through the message area,
#for example with the following script
#
#Example:
#
#<h1>hi
#
#<script>alert('you hacked')</script>
#
#or an iframe
#
#
#
#
#================================================================
#
#VULNERABLE VERSIONS: all
#
#================================================================
Contact information
#0o_zeus_o0
#zeus@diosdelared.com
#www.olimpusklan.org
#================================================================
#greetz: lady fire, fraude, adi, xoxo , pandora, mbyte
##############################################################################
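The injection described under TECHNICAL INFO, next to the output-escaping fix and a check for stored entries that already contain markup, as an added Python example (not Simpbook's code and not from the advisory author). The entry layout, field names and function names are assumptions made for illustration; the two payloads are the ones quoted in the advisory.

```python
import html
from html.parser import HTMLParser

# Constructed sample guest book entries (hypothetical layout); the second and
# third messages are the examples quoted in the advisory.
ENTRIES = [
    {"name": "alice", "message": "Nice site, 2 < 3 & all that"},
    {"name": "bob", "message": "<h1>hi"},
    {"name": "eve", "message": "<script>alert('you hacked')</script>"},
]


def render_unsafe(entry):
    """Behaviour the advisory describes: the message is written out as-is."""
    return "<p><b>%s</b>: %s</p>" % (entry["name"], entry["message"])


def render_safe(entry):
    """Hardened form: escape every user-supplied field at output time."""
    name = html.escape(entry["name"], quote=True)
    message = html.escape(entry["message"], quote=True)
    return "<p><b>%s</b>: %s</p>" % (name, message)


class _TagCollector(HTMLParser):
    """Records the name of every start tag the parser recognises."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(fragment):
    """Return the element names an HTML parser sees in fragment."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


def audit(entries):
    """Names of stored entries whose message already contains markup."""
    return [e["name"] for e in entries if tags_in(e["message"])]
```

Escaping at output time neutralises entries that were stored before the fix; audit() lists the ones worth reviewing or purging.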