
MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN-->






####################
Language: English
####################

------------------------------------------------------------
MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN-->
------------------------------------------------------------

SYSTEM INFORMATION:

-->WEB: http://www.tuenti.com/ 
-->DOWNLOAD: None available.
-->DEMO: N/A
-->CATEGORY: Social Networking
-->DESCRIPTION: Tuenti is the biggest and most popular social network in Spain.

SYSTEM VULNERABILITY:

-->TESTED ON: Firefox 3 and Internet Explorer 6.0
-->CATEGORY: HTML CODE INJECTION / XSS
-->Discovered Bug date: 2009-05-04
-->Reported Bug date: 2009-05-04
-->Fixed bug date: 2009-05-12
-->Author: YEnH4ckEr
-->mail: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: N/A
-->COMMENT: To my girlfriend Marijose... brother, sister-in-law, parents (and friends xD) for their support.
-->EXTRA-COMMENT: Xikitiya, don't hate me for this hahaha


#################
/////////////////

HTML INJECTION:

/////////////////
#################


Go to --> http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos 


Vuln GET var --> 'cat_id'


Note: An XSS attack was not possible here


------------------
PROOF OF CONCEPT:
------------------


http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos"> HREF=http://[MALICIOUS-HOST]/[PATH]/index.php>y3nh4ck3r was here! 


Return --> New link on footer


#############################
/////////////////////////////

CROSS SITE SCRIPTING (XSS):

/////////////////////////////
#############################


<<<<---------++++++++++++++ Condition: Be a registered user +++++++++++++++++--------->>>>

<<<<---------++++++++++++++ Extra-Condition: Be friends (victim/attacker) +++++++++++++++++--------->>>>


Go to --> http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031 


Vuln GET var --> 'items'


------------------
PROOF OF CONCEPT:
------------------


 


Return --> Alert message


<<<<---------++++++++++++++ Condition: Be a registered user +++++++++++++++++--------->>>>

<<<<---------++++++++++++++ Extra-Condition: Nothing +++++++++++++++++--------->>>>


Go to --> http://www.tuenti.com/#m=videos&view=category&cat_id=upload 


Vuln GET var --> 'cat_id'


------------------
PROOF OF CONCEPT:
------------------


 


Return --> Alert message


<<<<---------++++++++++++++ Condition: Nothing +++++++++++++++++--------->>>>

<<<<---------++++++++++++++ Extra-Condition: Nothing +++++++++++++++++--------->>>>


Go to --> http://www.tuenti.com/?need_invite=1 


Vuln POST var --> 'email'


------------------
PROOF OF CONCEPT:
------------------


email=">


Return --> Alert message


----------------
FINAL REMARK:
----------------


The staff have successfully fixed these vulnerabilities ;)
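
The advisory does not describe how the fix was made. As an added example (not from the advisory and not Tuenti's code), the JavaScript below shows the two controls that close this class of bug for the 'cat_id', 'items' and 'email' parameters: allow-list validation of fragment parameters and HTML encoding at output. The function names, the `/videos/` path and the allow-list patterns are assumptions inferred from the sample URLs above.

```javascript
// Added example: hypothetical helpers, not Tuenti's code.
// Read parameters from the URL fragment, e.g. "#m=video&video_id=697&cat_id=...".
function fragmentParams(url) {
  const i = url.indexOf('#');
  return new URLSearchParams(i === -1 ? '' : url.slice(i + 1));
}

// Allow-list formats inferred from the advisory's sample URLs (assumption).
const FORMATS = {
  cat_id: /^[A-Za-z0-9_]{1,32}$/,      // tuentiVideos, upload
  video_id: /^[0-9]{1,12}$/,           // 697
  items: /^[0-9]+(?:-[0-9]+){0,15}$/,  // 2-64699031-503405997-64699031
};

function isValidParam(name, value) {
  const re = FORMATS[name];
  return re !== undefined && typeof value === 'string' && re.test(value);
}

// Encode for HTML text and quoted attribute values.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Vulnerable pattern: the raw value is concatenated into a quoted attribute.
function footerLinkUnsafe(catId) {
  return '<a href="/videos/' + catId + '">Category</a>';
}

// Hardened: reject anything outside the allow-list, and encode regardless.
function footerLinkSafe(catId) {
  if (!isValidParam('cat_id', catId)) return '';
  return '<a href="/videos/' + escapeHtml(catId) + '">Category</a>';
}

// Free-form fields like the invite form's 'email' rely on output encoding alone.
function emailFieldSafe(email) {
  return '<input name="email" value="' + escapeHtml(email) + '">';
}

// Constructed inputs: the benign and injected cat_id URLs as printed in the advisory.
const BENIGN = 'http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos';
const INJECTED = BENIGN + '"> HREF=http://[MALICIOUS-HOST]/[PATH]/index.php>y3nh4ck3r was here!';
function demo() {
  const bad = fragmentParams(INJECTED).get('cat_id');
  return { unsafe: footerLinkUnsafe(bad), safe: footerLinkSafe(bad),
           ok: footerLinkSafe(fragmentParams(BENIGN).get('cat_id')) };
}
```

`demo().unsafe` shows the quoted attribute being closed early by the reflected value, while `demo().safe` is empty because the value fails the allow-list.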



#######################################################################
#######################################################################
##*******************************************************************##
##      SPECIAL GREETZ TO: Str0ke, JosS, Ulises2k, J. McCray ...     ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
##              GREETZ TO: SPANISH H4ck3Rs community!                ##
##*******************************************************************##
#######################################################################
#######################################################################
