BugTraq
Multiple XSS holes in TheFaceBook
Nov 13 2004 07:34PM
Alex Lanstein (alex lanstein gmail com)
Authors: Alex Lanstein, Ivo Parashkevov
Date: November 12, 2004
Affected Software: TheFaceBook - All Versions
Software URL: http://www.thefacebook.com
TheFaceBook, a popular college networking (social, not technological) tool, is vulnerable to many XSS holes in its search and editing methods.
In 'Advanced Search', the following fields are vulnerable via search.php:
Phone Number, Birthday, Address, Enjoy.
POC
search.php?do_search=1&advanced=1&name=&email=&status=&sex=&year=&house=
&room=&mailbox=&phone=<code here>
&Birthday=<code here>
&Address=<code here>
&Enjoy=<code here>
'Group Search' is vulnerable, also through the search.php module
POC
search.php?all_fields=0&do_search=1&advanced=1&group=<code here>
'HighSchool Search' is vulnerable through the global.php module
POC
global.php?do_search=1&high_school=1&state=1&city=2&hsid=1&changed=1&advanced=1&high_school=1&name=<code here>&hsyear=
The whole profile is also vulnerable. The automailer may be vulnerable to a sql injection as well ;-)
Greets to CC, Hahvid, neworder.box.sk, and fromadia.com
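Added example (not part of the original post, and not TheFaceBook's own PHP): a Python sketch of the reflected-parameter bug the advisory describes, its fix, and a check a defender can run over access logs. The grouping of field names per script is taken from the POC URLs above; the log lines are constructed.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Fields the advisory lists as reflected by each script (assumed grouping,
# taken from the parameter names in the post's POC URLs).
REFLECTED = {
    "search.php": ("phone", "Birthday", "Address", "Enjoy", "group"),
    "global.php": ("name",),
}
MARKUP_CHARS = set('<>"\'')

def render_field(name, value, escape):
    """Reflect one search field into the results page.
    escape=False is the unsafe pattern the advisory describes;
    escape=True is the fix: HTML-encode the value, quotes included."""
    if escape:
        value = html.escape(value, quote=True)
    return f"<p>{name}: {value}</p>"

def reflected_markup(url):
    """Return the reflected fields of a request whose values carry markup
    characters; percent-encoding is decoded first so %3C is caught too."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1]
    fields = REFLECTED.get(script, ())
    params = parse_qs(parts.query, keep_blank_values=True)
    return [f for f in fields
            if any(MARKUP_CHARS & set(v) for v in params.get(f, []))]

def scan_access_log(lines):
    """Flag common-log-format lines that hit a reflected field with markup.
    Returns one (client_ip, url, fields) tuple per flagged request."""
    hits = []
    for line in lines:
        try:
            ip = line.split(" ", 1)[0]
            url = line.split('"', 2)[1].split(" ")[1]
        except IndexError:
            continue  # malformed line: skip rather than crash the scan
        fields = reflected_markup(url)
        if fields:
            hits.append((ip, url, fields))
    return hits

# Constructed sample log: one benign search, two requests carrying harmless markup.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Nov/2004:19:00:01 -0500] "GET /search.php?do_search=1&advanced=1&phone=555-0100 HTTP/1.1" 200 1432',
    '10.0.0.9 - - [12/Nov/2004:19:00:07 -0500] "GET /search.php?do_search=1&advanced=1&phone=%3Cb%3Ex%3C/b%3E&Birthday= HTTP/1.1" 200 1498',
    '10.0.0.9 - - [12/Nov/2004:19:00:09 -0500] "GET /global.php?do_search=1&high_school=1&name=%22x%22&hsyear= HTTP/1.1" 200 900',
]
```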