lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 18 Aug 2010 13:03:20 +0800
From: YGN Ethical Hacker Group <lists@...g.net>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Linkbucks.com XSS & URL Redirection
	Vulnerabilities

==============================================================================
Linkbucks.com XSS & URL Redirection Vulnerabilities
==============================================================================


1. OVERVIEW

A famous link-based advertising network, linkbucks.com, is currently
vulnerable to
Cross Site Scripting and URL Redirection vulnerabilities


2. SITE SERVICE DESCRIPTION

Linkbucks is the first Internet advertising network to recognize that
the interplay
between websites and web users is the foundation of a successful viral
campaign.
Linkbucks brings web users, websites, and marketers together in a way
that is beneficial to everyone.


3. VULNERABILITY DESCRIPTION

The Default.aspx page at linkbucks.com is vulnerable to Cross Site
Scripting vulnerability
as the Message and ReturnURL parameters are not properly sanitized
after a user's logging out.


4. PROOF-OF-CONCEPT/EXPLOIT

+ Cross Site Scripting (OWASP 2010 Top 10 - A2)

http://www.linkbucks.com/Default.aspx?task=completed&MetaRefresh=2&Message="><script>alert(/XSS/)</script>&ReturnURL=/Default.aspx&NoText=true

http://yehg.net/lab/pr0js/advisories/sites/linkbucks.com/xss/linkbucks.com_xss.jpg

+ Unvalidated Redirects and Forwards (OWASP 2010 Top 10 - A10)

http://www.linkbucks.com/Default.aspx?task=completed&MetaRefresh=2&Message=You%20have%20been%20logged%20out.&ReturnURL=http://www.yehg.net&NoText=true


5. IMPACT

As the linkbucks has hundreds of web users, ad publishers and advertisers,
attackers can exploit these flaws for fun and profit.


6. VENDOR

LinkBucks.com
-http://linkbucks.com


7. CREDIT

This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.


8. DISCLOSURE TIME-LINE

07-10-2010: vulnerability discovered
07-13-2010: got contact from linksbuck support team via support ticket
"#KHT-97974-227"
07-15-2010: provided vulnerabilities
08-15-2010: vulnerabilities have not been fixed
08-18-2010: vulnerability disclosed


9. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/view.php/[linkbucks.com]_xss,redirect
OWASP Top 10 - http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project


#yehg [08-18-2010]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ