Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

persistant XSS, Manipulation of Data and privileg escalation in gpotato.eu forums
From: "MC Iglo" <mc.iglo () googlemail com>
Date: Mon, 9 Jun 2008 17:46:02 +0200

Hi all,

the forums of gpotato.eu is prone to multiple different vulnerabilities.

Timeline for XSS:
14. May: notified gpotato.eu stating, that there are security wholes
in their forum I could use to steal login-information
15. May: response: there is no bug in the forum, and as the login
information is encrypted, there is no problem
15. May: sending example:
<scr<script>ipt>alert(document.cookie);</scr</script>ipt>
16. May: response: Ok, there was a bug when User has IE (bullshit, but
example code doesn't work anymore)
16. May: sent next example: <p onmouseover='alert(document.cookie);'>blabla</p>

no more response. It doesn't work this way anymore, but my code is
still sent to the site and only gets enclosed as title="mycode".
Still might be vulnearble.

I don't have a timeline for manipulation and escalation, but I told
them several times now.
It was possible, to reply to closed threads, which seems to be fixed
now. But for the same time, they know, anyone (logged in) can edit
anybody's postings, which is still unfixed.
http://t*nyurl.com/5ovmr7

regards
MC.Iglo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • persistant XSS, Manipulation of Data and privileg escalation in gpotato.eu forums MC Iglo (Jun 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]