TUCoPS :: Web :: Specific Sites :: b06-3099.htm

hi5.com - XSS with cookie disclosure
hi5.com - XSS with cookie disclosure
hi5.com - XSS with cookie disclosure


hi5.com=0D
=0D
Homepage:=0D
http://www.hi5.com=0D 
=0D
Affected files:=0D
=0D
Input boxes of editing your profile.=0D
=0D
XSS Vuln with cookie disclosure:=0D
=0D
It seems hi5.com allows alot of html tags to be used on thier site but they will filter out words like javascript, applet, and iframe tags (which is to be expected). Heres a link to the page that lists allthe tags they will and won't allow:=0D
=0D
http://hi5.com/friend/account/html_tips.html=0D 
=0D
How do we get around this? Well, to get around the javascript filtering we use An embedded encoded tab to break up the javascript word. Below are a few examples of it. For PoC try putting this in your profile. (I used the Hometown box, all should work tho) :=0D
=0D
=0D
=0D
or=0D
=0D

=0D
=0D
Why do we have to use an embedded encoded tab in the word "alert" in a div tag and not a img tag? I have no idea! =0D
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/hi52.jpg=0D 
http://www.youfucktard.com/xsp/hi53.jpg=0D 
=0D
WHERES THE COOKIE?!?!=0D
=0D
Now lets change that so we can show our cookie data. Since they don't seem to allow thewords document and cookie, =0D
=0D
lets use the same method above to break it up. Try putting:=0D
=0D
Popup alert:=0D
=0D
=0D
Write on screen:=0D
=0D
=0D
Our Cookie:=0D
hi5banner_traffic_US; hi5medium_traffic_US; hi5sky_traffic_US; hi5uniqueAd2=1; hi5adcomRect; hi5adcomSky; hi5inpath=-1;hi5sp=homepage;hi5loggedIn=true;adHistoryLdr=4:1150268890485:4:1150268897936:1:1150269052890:1:1150269092966:8:1150269130139:9:1150269256989:9:1150269310562:10:1150269315812:11:1150269416327:11:1150269438591:12:1150269446349:13:1150269502289:13:1150269518708:14:1150269567146:15:1150269654968; sc=Fics:0:Ficb:0:Ficl:0; JSESSIONID=a229uu7JgBN7; K-JSESSIONID0x9882f778=6821EBA8AA2FB03B1F4D6B04A2799FED;adHistoryRct=1001:1150268898713:1001:1150269130834:1004:1150269316178:1004:1150269447018:1002:1150269519194:1002:1150269669974:1008:1150269721357:1007:1150269799646:1007:1150269971317:1010:1150270159468:1011:1150270778028:1011:1150270823873:1012:1150270950243;adHistorySky=2004:1150269046423:2004:1150269086714:2001:1150269250710:2001:1150269303450:2008:1150269409727:2007:1150269432295:2007:1150269495667:2020:1150269560927:2002:1150269648476:2002:1150269691452:2012:1150269709420:2011:1150269751737:2011:1150269785251:2014:1150270053753:2015:1150270141733=0D
=0D
=0D
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/hi54.jpg=0D 
http://www.youfucktard.com/xsp/hi55.jpg

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH