|| ADVISORY: SF-Shoutbox 1.2.1 <= 1.4 HTML/JS Injection Vulnerability
|| 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL
|| 0x00: ABOUT ME
Author: SkyOut Date: November 2007 Contact: skyout[-at-]smash-the-stack[-dot-]net Website: www.smash-the-stack.net
|| 0x01: DATELINE
2007-11-02: Bug found 2007-11-03: Advisory released
|| 0x02: INFORMATION
|| 0x03: EXPLOITATION
No exploit is needed to test this vulnerability. You just need a working web browser.
1: HTML Injection
Go to the main page of the Shoutbox software, normally located at "main.php" and input HTML code into the Name and/or Shout field. To make the whole shouts being overlayed by your website you simple put
<meta http-equiv="refresh" content="0; URL=http://example.com/">
into the field(s)!
If you manipulate both fields the code will be executed twice. The more often you do this, the more often the code will be executed.
|| 0x04: GOOGLE DORK
|| 0x05: RISK LEVEL
I would consider this a low critical vulnerability as this software is not widely used. Nevertheless in bad cases an attacker could manipulate different sites to show up his page, which then could try to attack the users browser with common exploits, similar to IFrame injection.
<!> Happy Hacking <!>
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/