[<prev] [next>] [day] [month] [year] [list]
Message-ID: <99e73caa0806090846v49046aacrc5a72356e1d706c8@mail.gmail.com>
Date: Mon, 9 Jun 2008 17:46:02 +0200
From: "MC Iglo" <mc.iglo@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: persistant XSS,
Manipulation of Data and privileg escalation in gpotato.eu forums
Hi all,
the forums of gpotato.eu is prone to multiple different vulnerabilities.
Timeline for XSS:
14. May: notified gpotato.eu stating, that there are security wholes
in their forum I could use to steal login-information
15. May: response: there is no bug in the forum, and as the login
information is encrypted, there is no problem
15. May: sending example:
<scr<script>ipt>alert(document.cookie);</scr</script>ipt>
16. May: response: Ok, there was a bug when User has IE (bullshit, but
example code doesn't work anymore)
16. May: sent next example: <p onmouseover='alert(document.cookie);'>blabla</p>
no more response. It doesn't work this way anymore, but my code is
still sent to the site and only gets enclosed as title="mycode".
Still might be vulnearble.
I don't have a timeline for manipulation and escalation, but I told
them several times now.
It was possible, to reply to closed threads, which seems to be fixed
now. But for the same time, they know, anyone (logged in) can edit
anybody's postings, which is still unfixed.
http://t*nyurl.com/5ovmr7
regards
MC.Iglo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists