User Friendly SVN Cross Site Scripting

User Friendly SVN Cross Site Scripting: Posted Jun 21, 2014; Authored by Manish Tanwar; User Friendly SVN versions prior to 1.0.7 suffer from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 2563320161d0c04a3683751b1af8691a3a5d0135333e64fcb8888672f2dd61c4; Download | Favorite | View

User Friendly SVN Cross Site Scripting

############################################################################### 
# Exploit Title   : User friendly svn(web based interface) reflected xss vulnerability
# Author          : Manish Kishan Tanwar  
# Vendor          : http://www.usvn.info/
# version affected: below 1.0.7
# Date            : 21/06/2014 
# Discovered @    : INDISHELL Lab
# Love to         : zero cool,Team indishell,Hardeep Singh,jagriti
# email           : manish.1046@gmail.com
############################################################################## 
////////////////////////
/// Overview: 
//////////////////////// 
User-Friendly USVN is a web interface written in PHP used to configure Subversion repositories.
its web interface login panel suffers from xss vulnerability. 

///////////////////////////////
// Vulnerability Description: 
///////////////////////////////

xss vulnerability exist on login panel in username field. It print the username on page if username password is not
correct and doesnt check for values before displaying them on web page because of which it is vulnerable to xss

//////////////////////////////
///  Proof of Concept: -
//////////////////////////////

Open the login panel
http://localhost/svn/login/
and put this payload in username field 
"><script>alert("xss by hardeep,zero cool and manish");</script>
and press submit button, page will give xss popup 


                             --==[[ Greetz To ]]==--
############################################################################################
#Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba, 
#Silent poison India,Magnum sniper,Atul Dwivedi ethicalnoob Indishell,Local root indishell,
#Irfninja indishell,Reborn India,L0rd Crus4d3r,cool toad,cool shavik,Hackuin,Alicks,Ebin V Thomas 
#Dinelson Amine,Th3 D3str0yer,SKSking,Mr. Trojan,rad paul,Godzila,mike waals,zoozoo,
#The creator,cyber warrior,Neo hacker ICA,Suriya Prakash, cyber gladiator,Cyber Ace, 
#Golden boy INDIA,Ketan Singh,Yash,Aneesh Dogra,AR AR,saad abbasi,hero,Minhal Mehdi ,Raj bhai ji ,
#Hacking queen,lovetherisk,brown suger,govind and rest of TEAM INDISHELL
#############################################################################################
                             --==[[Love to]]==--
# My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,
#Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Anju Gulia,Don(Deepika kaushik) and acche bacchi(Jagriti)
                       --==[[ Special Fuck goes to ]]==--
                            <3  suriya Cyber Tyson <3

Top Authors In Last 30 Days

Red Hat 247 files
indoushka 101 files
Ubuntu 87 files
Gentoo 36 files
Jasper Nota 25 files
Debian 21 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,100)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,775)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,536)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,750)
UNIX (9,437)
UnixWare (187)
Windows (6,674)
Other

User Friendly SVN Cross Site Scripting

User Friendly SVN Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

User Friendly SVN Cross Site Scripting

Share This

User Friendly SVN Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems