sfshoutbox-inject.txt

2007-11-05T00:00:00
ID PACKETSTORM:60676
Type packetstorm
Reporter SkyOut
Modified 2007-11-05T00:00:00

Description

-----------------------------  
|| WWW.SMASH-THE-STACK.NET ||  
-----------------------------  
  
|| ADVISORY: SF-Shoutbox 1.2.1 <= 1.4 HTML/JS Injection Vulnerability  
  
_____________________  
|| 0x00: ABOUT ME  
|| 0x01: DATELINE  
|| 0x02: INFORMATION  
|| 0x03: EXPLOITATION  
|| 0x04: GOOGLE DORK  
|| 0x05: RISK LEVEL  
____________________________________________________________  
____________________________________________________________  
  
_________________  
|| 0x00: ABOUT ME  
  
Author: SkyOut  
Date: November 2007  
Contact: skyout[-at-]smash-the-stack[-dot-]net  
Website: www.smash-the-stack.net  
  
_________________  
|| 0x01: DATELINE  
  
2007-11-02: Bug found  
2007-11-03: Advisory released  
  
____________________  
|| 0x02: INFORMATION  
  
The Shoutbox software provided by Script-Fun.de is vulnerable to HTML  
and JavaScript injection. It is possible to execute code or manipulate  
the whole page. The fields for "Name" and "Shout" are not sanitized and  
therefore both can be manipulated with malicious content.  
  
_____________________  
|| 0x03: EXPLOITATION  
  
No exploit is needed to test this vulnerability. You just need a working  
web browser.  
  
1: HTML Injection  
  
Go to the main page of the Shoutbox software, normally located at "main.php"  
and input HTML code into the Name and/or Shout field. To have all shouts  
overlaid by your own website, simply put  
  
<meta http-equiv="refresh" content="0; URL=http://example.com/">  
  
into the field(s)!  
  
2: JavaScript Injection  
  
Go to the main page of the Shoutbox software, normally located at "main.php"  
and input the needed JavaScript code into the Name and/or Shout field. For  
example a simple popup could be constructed by inputting  
  
<script>alert("XSS");</script> ...  
  
If you manipulate both fields, the code will be executed twice. The more often  
you do this, the more often the code will be executed.  
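As an added illustration (not code from the advisory or from SF-Shoutbox), the following Python model shows why the two payloads above are stored and then executed for every visitor: a renderer that echoes the Name and Shout fields raw, next to a hardened one that output-encodes them, plus a check a maintainer can run over stored shouts to find injected markup. The entry layout and field names are assumptions.

```python
import html
from dataclasses import dataclass


# Constructed sample shouts using the two payloads from the advisory.
# The entry layout is an assumption; SF-Shoutbox's real storage format is not known here.
@dataclass
class Shout:
    name: str
    shout: str


SAMPLE_SHOUTS = [
    Shout(name='<meta http-equiv="refresh" content="0; URL=http://example.com/">',
          shout="hi"),
    Shout(name="bob", shout='<script>alert("XSS");</script>'),
    Shout(name="alice", shout='Tom & Jerry > "cartoon"'),
]


def render_vulnerable(shouts):
    """Mirrors the flaw in the advisory: both fields are echoed into the page unchanged."""
    return "\n".join(f"<p><b>{s.name}</b>: {s.shout}</p>" for s in shouts)


def render_hardened(shouts):
    """Output-encode every untrusted field for an HTML text context.
    quote=True also encodes ' and " so the value stays inert inside attributes."""
    return "\n".join(
        f"<p><b>{html.escape(s.name, quote=True)}</b>: {html.escape(s.shout, quote=True)}</p>"
        for s in shouts
    )


ACTIVE_MARKERS = ("<script", "<meta", "<iframe", "javascript:", "onerror=", "onload=")


def find_injected(shouts):
    """Return indexes of stored shouts whose Name or Shout field carries active markup.
    Useful for cleaning an already-abused shoutbox; it is a heuristic, not a sanitizer."""
    hits = []
    for i, s in enumerate(shouts):
        combined = (s.name + " " + s.shout).lower()
        if any(marker in combined for marker in ACTIVE_MARKERS):
            hits.append(i)
    return hits


if __name__ == "__main__":
    print(render_hardened(SAMPLE_SHOUTS))
    print("injected entries:", find_injected(SAMPLE_SHOUTS))
```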
  
____________________  
|| 0x04: GOOGLE DORK  
  
intext:"SF-Shoutbox"  
  
___________________  
|| 0x05: RISK LEVEL  
  
I would consider this a low-criticality vulnerability as this software is not  
widely used. Nevertheless, in bad cases an attacker could manipulate different  
sites to show up his page, which could then try to attack the user's browser  
with common exploits, similar to IFrame injection.  
  
<!> Happy Hacking <!>  
  
____________________________________________________________  
____________________________________________________________  
  
THE END  
  