Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Specific Sites :: b06-2936.htm

Onlinenode.com - XSS



Onlinenode.com - XSS
Onlinenode.com - XSS



Onlinenode.com=0D
=0D
Homepage:=0D
http://www.onlinenode.com=0D 
=0D
Effected files:=0D
node_category.php=0D
node_article.php=0D
webpage.php=0D
guestbook.php=0D
journal.php=0D
pictures.php=0D
chatroom.php=0D
=0D
---------------------------=0D
=0D
XSS Vuln via node_category.php:=0D
=0D
One way to archive this is to use black tags with an open ended iframe tag:=0D
'>"http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1">'>" 
=0D
Another way would be to use  tags, since using flash could also create a XSS attack:=0D
=0D
<'<"">=0D">http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1''"<"'><'<"">=0D 
=0D
--------------------------------------------=0D
=0D
XSS Vuln via node_article.php:=0D
=0D
One way to archive this is to use black tags with an open ended iframe tag:=0D
=0D
http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'> 
=0D
=0D
Another way would be to use  tags, since using flash could also create a XSS attack:=0D
=0D
<'<"">=0D">http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'><'<"">=0D 
=0D
-------------------------------------------=0D
=0D
Possible SQL injection due to with query error:=0D
=0D
http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=19'=0D 
=0D
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use =0D
=0D
near '127.0.0.1' AND host != 'adsl-127-0-0.lol.somehost.com'' >>> UPDATE counter SET ip = '127.0.0.1',host = 'adsl-127-0-0.lol.=0D
=0D
somehost.com',count = count + 1 WHERE id_user = '19'' AND ip != '127.0.0.1' AND host != 'dsl-127-0-0.lol.somehost.com'=0D
=0D
We can see from the above query, a few table names as well as our IP + hostmask.=0D
=0D
=0D
XSS Vuln in webpage.php:=0D
=0D
'>http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=2">'> <=0D 
=0D
Again, same as above the  tags also work for flash.=0D
------------------------------------------=0D
=0D
XSS Vulnerability via guestbook.php:=0D
=0D
'>http://www.onlinenode.com/guestbook.php?forms_action=guestbook1&forms_id_user=18">'> 
=0D
Again, same as above the  tags also work for flash.=0D
=0D
-----------------------------------------=0D
=0D
XSS Vulnerability via journal.php:=0D
'>http://www.onlinenode.com/journal.php?forms_action=journal&forms_id_user=">'> 
=0D
Again, same as above the  tags also work for flash.=0D
=0D
---------------------------------------=0D
XSS Vuln via pictures.php:=0D
=0D
'>http://www.onlinenode.com/pictures.php?forms_action=pictures&forms_id_user=">'> 
=0D
Again, same as above the  tags also work for flash.=0D
=0D
----------------------------------------=0D
=0D
XSS Vuln via mb_thread.php when viewing threads:=0D
=0D
'>http://www.onlinenode.com/mb_thread.php?forms_action=mb_thread1&forms_id_thread=0">'> 
=0D
Again, same as above the  tags also work for flash.=0D
=0D
-------------------------------------=0D
XSS Vuln via chatroom.php:=0D
=0D
'>http://www.onlinenode.com/chatroom.php?forms_action=chatroom_main&forms_room=">'> 
=0D
Again,  tags work here too.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH