mailing list archives
persistant XSS, Manipulation of Data and privileg escalation in gpotato.eu forums
From: "MC Iglo" <mc.iglo () googlemail com>
Date: Mon, 9 Jun 2008 17:46:02 +0200
the forums of gpotato.eu is prone to multiple different vulnerabilities.
Timeline for XSS:
14. May: notified gpotato.eu stating, that there are security wholes
in their forum I could use to steal login-information
15. May: response: there is no bug in the forum, and as the login
information is encrypted, there is no problem
15. May: sending example:
16. May: response: Ok, there was a bug when User has IE (bullshit, but
example code doesn't work anymore)
16. May: sent next example: <p onmouseover='alert(document.cookie);'>blabla</p>
no more response. It doesn't work this way anymore, but my code is
still sent to the site and only gets enclosed as title="mycode".
Still might be vulnearble.
I don't have a timeline for manipulation and escalation, but I told
them several times now.
It was possible, to reply to closed threads, which seems to be fixed
now. But for the same time, they know, anyone (logged in) can edit
anybody's postings, which is still unfixed.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- persistant XSS, Manipulation of Data and privileg escalation in gpotato.eu forums MC Iglo (Jun 11)