[Full-disclosure] SF-Shoutbox 1.2.1 <= 1.4 HTML/JS Injection Vulnerability

2007-11-07T00:00:00
ID SECURITYVULNS:DOC:18362
Type securityvulns
Reporter Securityvulns
Modified 2007-11-07T00:00:00

Description


|| WWW.SMASH-THE-STACK.NET ||

|| ADVISORY: SF-Shoutbox 1.2.1 <= 1.4 HTML/JS Injection Vulnerability


|| 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL




|| 0x00: ABOUT ME

Author: SkyOut Date: November 2007 Contact: skyout[-at-]smash-the-stack[-dot-]net Website: www.smash-the-stack.net


|| 0x01: DATELINE

2007-11-02: Bug found 2007-11-03: Advisory released


|| 0x02: INFORMATION

The Shoutbox software provided by Script-Fun.de is vulnerable to HTML and JavaScript injection. It is possible to execute code or manipulate the whole page. The fields for "Name" and "Shout" are not sanitized and therefore both can be manipulated with malicious content.


|| 0x03: EXPLOITATION

No exploit is needed to test this vulnerability. You just need a working web browser.

1: HTML Injection

Go to the main page of the Shoutbox software, normally located at "main.php" and input HTML code into the Name and/or Shout field. To make the whole shouts being overlayed by your website you simple put

<meta http-equiv="refresh" content="0; URL=http://example.com/">

into the field(s)!

2: JavaScript Injection

Go to the main page of the Shoutbox software, normally located at "main.php" and input the needed JavaScript code into the Name and/or Shout field. For example a simple popup could be constructed by inputting

<script>alert("XSS");</script> ...

If you manipulate both fields the code will be executed twice. The more often you do this, the more often the code will be executed.


|| 0x04: GOOGLE DORK

intext:"SF-Shoutbox"


|| 0x05: RISK LEVEL

I would consider this a low critical vulnerability as this software is not widely used. Nevertheless in bad cases an attacker could manipulate different sites to show up his page, which then could try to attack the users browser with common exploits, similar to IFrame injection.

<!> Happy Hacking <!>



THE END


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/