sfshoutbox-inject.txt

sfshoutbox-inject.txt: Posted Nov 5, 2007; Authored by SkyOut | Site core-security.net; SF-Shoutbox versions 1.2.1 through 1.4 suffer from HTML and Javascript injection vulnerabilities.; tags | exploit, javascript, vulnerability; SHA-256 | 3682505c261933683ad05bfabf7699d37214068b442461d5ebda147a28fca400; Download | Favorite | View

sfshoutbox-inject.txt

-----------------------------
|| WWW.SMASH-THE-STACK.NET ||
-----------------------------

|| ADVISORY: SF-Shoutbox 1.2.1 <= 1.4 HTML/JS Injection Vulnerability

_____________________
|| 0x00: ABOUT ME
|| 0x01: DATELINE
|| 0x02: INFORMATION
|| 0x03: EXPLOITATION
|| 0x04: GOOGLE DORK
|| 0x05: RISK LEVEL
____________________________________________________________
____________________________________________________________

_________________
|| 0x00: ABOUT ME

Author: SkyOut
Date: November 2007
Contact: skyout[-at-]smash-the-stack[-dot-]net
Website: www.smash-the-stack.net

_________________
|| 0x01: DATELINE

2007-11-02: Bug found
2007-11-03: Advisory released

____________________
|| 0x02: INFORMATION

The Shoutbox software provided by Script-Fun.de is vulnerable to HTML
and JavaScript injection. It is possible to execute code or manipulate
the whole page. The fields for "Name" and "Shout" are not sanitized and
therefore both can be manipulated with malicious content.

_____________________
|| 0x03: EXPLOITATION

No exploit is needed to test this vulnerability. You just need a working
web browser.

1: HTML Injection

Go to the main page of the Shoutbox software, normally located at "main.php"
and input HTML code into the Name and/or Shout field. To make the whole shouts
being overlayed by your website you simple put

<meta http-equiv="refresh" content="0; URL=http://example.com/">

into the field(s)!

2: JavaScript Injection

Go to the main page of the Shoutbox software, normally located at "main.php"
and input the needed JavaScript code into the Name and/or Shout field. For
example a simple popup could be constructed by inputting

<script>alert("XSS");</script> ...

If you manipulate both fields the code will be executed twice. The more often
you do this, the more often the code will be executed.

____________________
|| 0x04: GOOGLE DORK

intext:"SF-Shoutbox"

___________________
|| 0x05: RISK LEVEL

I would consider this a low critical vulnerability as this software is not
widely used. Nevertheless in bad cases an attacker could manipulate different
sites to show up his page, which then could try to attack the users browser
with common exploits, similar to IFrame injection.

<!> Happy Hacking <!>

____________________________________________________________
____________________________________________________________

THE END

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

sfshoutbox-inject.txt

sfshoutbox-inject.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

sfshoutbox-inject.txt

Share This

sfshoutbox-inject.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems