sfshoutbox-inject.txt

sfshoutbox-inject.txt: Posted Nov 5, 2007; Authored by SkyOut | Site core-security.net; SF-Shoutbox versions 1.2.1 through 1.4 suffer from HTML and Javascript injection vulnerabilities.; tags | exploit, javascript, vulnerability; SHA-256 | 3682505c261933683ad05bfabf7699d37214068b442461d5ebda147a28fca400; Download | Favorite | View

sfshoutbox-inject.txt

-----------------------------
|| WWW.SMASH-THE-STACK.NET ||
-----------------------------

|| ADVISORY: SF-Shoutbox 1.2.1 <= 1.4 HTML/JS Injection Vulnerability

_____________________
|| 0x00: ABOUT ME
|| 0x01: DATELINE
|| 0x02: INFORMATION
|| 0x03: EXPLOITATION
|| 0x04: GOOGLE DORK
|| 0x05: RISK LEVEL
____________________________________________________________
____________________________________________________________

_________________
|| 0x00: ABOUT ME

Author: SkyOut
Date: November 2007
Contact: skyout[-at-]smash-the-stack[-dot-]net
Website: www.smash-the-stack.net

_________________
|| 0x01: DATELINE

2007-11-02: Bug found
2007-11-03: Advisory released

____________________
|| 0x02: INFORMATION

The Shoutbox software provided by Script-Fun.de is vulnerable to HTML
and JavaScript injection. It is possible to execute code or manipulate
the whole page. The fields for "Name" and "Shout" are not sanitized and
therefore both can be manipulated with malicious content.

_____________________
|| 0x03: EXPLOITATION

No exploit is needed to test this vulnerability. You just need a working
web browser.

1: HTML Injection

Go to the main page of the Shoutbox software, normally located at "main.php"
and input HTML code into the Name and/or Shout field. To make the whole shouts
being overlayed by your website you simple put

<meta http-equiv="refresh" content="0; URL=http://example.com/">

into the field(s)!

2: JavaScript Injection

Go to the main page of the Shoutbox software, normally located at "main.php"
and input the needed JavaScript code into the Name and/or Shout field. For
example a simple popup could be constructed by inputting

<script>alert("XSS");</script> ...

If you manipulate both fields the code will be executed twice. The more often
you do this, the more often the code will be executed.

____________________
|| 0x04: GOOGLE DORK

intext:"SF-Shoutbox"

___________________
|| 0x05: RISK LEVEL

I would consider this a low critical vulnerability as this software is not
widely used. Nevertheless in bad cases an attacker could manipulate different
sites to show up his page, which then could try to attack the users browser
with common exploits, similar to IFrame injection.

<!> Happy Hacking <!>

____________________________________________________________
____________________________________________________________

THE END

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 157 files
Jay Turla 150 files
Ubuntu 68 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

sfshoutbox-inject.txt

sfshoutbox-inject.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

sfshoutbox-inject.txt

Share This

sfshoutbox-inject.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems