| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060611102049.11247.qmail@securityfocus.com>
Date: 11 Jun 2006 10:20:49 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Vampirefreaks.com - XSS with cookie disclosure
Vampirefreaks.com
Homepage:
http://www.vampirefreaks.com
Effected files:
input boxes of editing your profile
posting a journal entry.
Commenting
XSS Vulnerability:
Data isn't properly filtered when editing your profile. One way to bypass the filter is to escape quotes and useclosing brackets withaimg tag while having tab enabled and spacing jav ascript: Javascript and alert are filtered to the words "forbidden" so to bypass this we convert the word alert to hex form. Try adding the following below in your profile:
']"]'][""]'][IMG SRC="jav ascript:%61%6C%65%72%74('XSS');"]['["[""]['[""]
XSS Vulnerability to disclose user cookie:
This time, much like the sameway above, we have to hex encode alert and document.cookie because both words also get filtered to forbidden. PoC, add this in your profile, and make sure tab is on.
PoC:
']"]'][""]'][IMG SRC="jav ascript:%61%6C%65%72%74(%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65)" ]['["[""]['[""]
-------------------------------
XSS Vuln to disclose cookie in posting a journal entry:
Same method as above works here too:
']"]'][""]'][IMG SRC="jav ascript:%61%6C%65%72%74(%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65)" ]['["[""]['[""]
----------------------------------
Screenshots of XSS vulns:
http://www.youfucktard.com/xsp/vf1.jpg
http://www.youfucktard.com/xsp/vf2.jpg
http://www.youfucktard.com/xsp/vf3.jpg
Powered by blists - more mailing lists