Social Share Cross Site Scripting

2010-12-17T00:00:00
ID PACKETSTORM:96778
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2010-12-17T00:00:00

Description

===========================================  
www.eVuln.com advisory:  
"title" and "url" - Non-persistent XSS in Social Share  
Summary: http://evuln.com/vulns/164/summary.html   
Details: http://evuln.com/vulns/164/description.html   
  
-----------Summary-----------  
eVuln ID: EV0164  
Software: Social Share  
Vendor: n/a  
Version: 2010-06-05  
Critical Level: low  
Type: Cross Site Scripting  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
  
--------Description--------  
It is possible to inject XSS code into the "title" and "url" parameters of the save.php script.  
The "title" and "url" parameters are not properly sanitized before being used in HTML code.  
  
--------PoC/Exploit--------  
Non-persistent XSS Example.  
  
XSS example1: http://website/socialshare/save.php?title=<XSS>  
  
XSS example2: http://website/socialshare/save.php?url="><XSS>  
  
---------Solution----------  
Not available  
  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/code-analysis.html - source code review service  
  
===========================================  
www.eVuln.com advisory:  
"link" and "linkdescription" XSS in Social Share  
Summary: http://evuln.com/vulns/165/summary.html   
Details: http://evuln.com/vulns/165/description.html   
  
-----------Summary-----------  
eVuln ID: EV0165  
Software: Social Share  
Vendor: n/a  
Version: 2010-06-05  
Critical Level: low  
Type: Cross Site Scripting  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
  
--------Description--------  
It is possible to inject XSS code into the "link" and "linkdescription" parameters of the processPost.php script.  
The "link" and "linkdescription" parameters are not properly sanitized before being used in HTML code.  
  
--------PoC/Exploit--------  
XSS Examples.  
  
link: javascript:alert('XSS')  
  
description: "><script>alert('XSS')</script><aaa aa="  
  
---------Solution----------  
Not available  
  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/penetration-test.html - penetration testing service  
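Added example, not part of the eVuln advisories and not Social Share's own code: one way the "title", "url", "link" and "linkdescription" values could be handled in PHP, assuming they are echoed into HTML text, a double-quoted attribute, or an href. The helper names esc_html, safe_url and render_link are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not taken from Social Share.

// Encode a value for HTML text or a quoted attribute, so that
// "> and <script> arrive in the page as inert character entities.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs. Encoding alone does not help for an
// href: a javascript: URL contains nothing that htmlspecialchars changes.
function safe_url(string $value): ?string
{
    $value = trim($value);
    // Reject embedded control characters and whitespace, which browsers
    // may strip from a URL before resolving its scheme.
    if (preg_match('/[\x00-\x20\x7f]/', $value)) {
        return null;
    }
    $scheme = parse_url($value, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $value;
}

// Render a shared link: the URL is validated, then both values are encoded.
function render_link(string $link, string $description): string
{
    $url  = safe_url($link);
    $text = esc_html($description);
    if ($url === null) {
        return '<span>' . $text . '</span>'; // no clickable link for a rejected URL
    }
    return '<a href="' . esc_html($url) . '" rel="noopener noreferrer">' . $text . '</a>';
}

// Constructed inputs: the PoC strings from the second advisory plus a benign URL.
$samples = [
    ["javascript:alert('XSS')", 'plain description'],
    ['http://example.com/?a=1&b=2', "\"><script>alert('XSS')</script><aaa aa=\""],
];
foreach ($samples as [$link, $desc]) {
    echo render_link($link, $desc), PHP_EOL;
}
```

The same esc_html call applies wherever save.php echoes "title" or "url" into markup; safe_url is needed in addition whenever a value becomes an href or src.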