Housecarers.com - XSS & cookie disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Housecarers.com - XSS & cookie disclosure
From: luny@xxxxxxxxxxxxxxx
Date: 17 Jun 2006 04:18:27 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Housecarers.com

Homepage:
http://housecarers.com

Affected files:

* Posting a Housesit:

- City/Town  box
- County/District box
- Suburb box
- City/Town Area box

* Searching for housesitters

* Sending messages to house sitters. 

* Viewing member profiles
----------------------------------------

XSS vuln via posting housesit boxes. For a PoC, in one of the boxes above put:
<script>alert('xss')</script>


Screenshots:
http://www.youfucktard.com/xsp/housecare1.jpg
http://www.youfucktard.com/xsp/housecare2.jpg

((When viewing a members profile, this XSS example occurs as well))
-------------------------------------

XSS vuln when searching for house sitters. Same PoC as above, in the input 
boxes put:

<script>alert('xss')</script>

Screenshots:
http://www.youfucktard.com/xsp/housecare3.jpg
http://www.youfucktard.com/xsp/housecare4.jpg

-----------------------------------

XSS vuln with cfm token disclosure when sending msgs to members:

For a PoC in any input box, as the screenshots show, try putting:
<script>alert(document.cookie)</script>

Screenshots:
http://www.youfucktard.com/xsp/housecare5.jpg
http://www.youfucktard.com/xsp/housecare6.jpg

----------------------------------

Prev by Date: Re: PHP security (or the lack thereof)
Next by Date: Dealgates.com - XSS with cookie disclosure
Previous by thread: [ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion
Next by thread: Dealgates.com - XSS with cookie disclosure
Index(es):
- Date
- Thread