TUCoPS :: Web :: Specific Sites

TUCoPS :: Web :: Specific Sites :: b06-3078.htm
Bingbox.com - XSS & cookie disclosure
Bingbox.com - XSS & cookie disclosure Bingbox.com - XSS & cookie disclosure

Bingbox.com=0D
=0D
Homepage:=0D
http://www.bingbox.com=0D 
=0D
Affected files:=0D
=0D
* Profile input boxes:=0D
=0D
- City input=0D
=0D
* Registering=0D
=0D
* Viewing Birthdays=0D
=0D
* Adding a friend=0D
=0D
* Viewing people online=0D
-----------------------------------------------=0D
=0D
XSS with cookie disclosure via inviting friends:=0D
">">">">'>'>'><"<=0D">http://www.bingbox.com/go/admin/f=friends&o=invite&a=msn&t=web&wizard=start">">">">">'>'>'><"<=0D 
=0D
"<"<'<'<'=0D
=0D
XSS vuln with cookie disclosure via "City" input box on profile:=0D
=0D
Data isnt properly sanatized before being generated. In one part of the site its output as full code on the screen (tested using  tags, with  tags, no =0D
=0D
code displays), and on the other part, an XSS can occur:=0D
=0D
For a PoC, since they add backslashes to ' and ", use the long UTF-8 Unicode for ':=0D
=0D
=0D
=0D
For the cookie:=0D
=0D
=0D
=0D
--------------------------------------------------=0D
=0D
XSS with cookie disclosure when viewing a blog, that redirects you to the register page:=0D
=0D
">">">">">'>'><"<"<'<'<"<"=0D">http://bingbox.com/go/register/wanted=luny666/">">">">">">'>'><"<"<'<'<"<"=0D 
=0D
-----------------------------------------------=0D
=0D
XSS via viewing birthdays:=0D
=0D
'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D">http://www.bingbox.com/go/birthdays/month=8&day=13">'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D 
=0D
"<"=0D
=0D
-------------------------------------------------=0D
=0D
XSS when adding a new friend. Same as above, we arent able to use ' or long UTF-8 unicode above, so we use fromCharCode's. PoC:=0D
=0D
'>'>'>"><"">">">">http://www.bingbox.com/go/admin/f=friends&o=new&friendname=DreamUnik">'>'>'>"><"">">">"> 
=0D
><"<"<"<"<'<'<'<"<""><"<"=0D
=0D
--------------------------------------------------=0D
=0D
XSS vuln when viewing people online:=0D
=0D
'>'>'>"><"">">">">http://www.bingbox.com/go/whoisonline/i=1&agemin=&agemax=&country=US">'>'>'>"><"">">">"> 
=0D
><"<"<"<"<'<'<'<"<""><"<"&locationarea=&sex=&page=3=0D
=0D
------------------------------------------------=0D
=0D
More XSS vulns:=0D
=0D
'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D">http://www.bingbox.com/go/static/file=av">'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D">http://www.bingbox.com/go/static/file=ps">'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D">http://www.bingbox.com/go/static/file=gedragscode">'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D 
=0D
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/bingbox1.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox2.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox3.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox4.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox5.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox6.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox7.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox8.jpg


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).Site design & layout copyright © 1986-2024 AOH