Cubro Classified Script Persistent/Reflected XSS Vulnerabili
Posted on 17 August 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Cubro Classified Script Persistent/Reflected XSS Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>============================================================== Cubro Classified Script Persistent/Reflected XSS Vulnerability ============================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################## 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Cubro Classified Script Persistent/Reflected XSS Vulnerability Date : August, 17 2010 Vendor Url : http://www.classifieds.cubrosoft.com/ Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> Big hugs : Th3 RDX special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr greetz to :www.topsecure.net ,trent Dillman,*iNF3c73D_c0D3r*,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Cubro Classified Script allows your customers to place their classified ads on your site, free or paid classified ads to be choose from your admin setting. Included with banner ads function which allow you to place banner ads for your advertiser. Cubro Classifieds is very easy to install and configure even for just beginners. No need to be programmer or professional to run or manage the software on your server, all you need is the general internet stuff, like how to use any ftp program to transfer files, how to change files permissions, very little html to customize the templates or links to your look and feel. Users has a very advanced search tools besides the simple and fast search box that shows up on all the pages. ####################################################################################################### The flaw allows cross site scripting attack. This flaw exists because it doesn't validate the inputs which are passed. Xploit: Persistent XSS Vulnerability Step 1 : Register Step 2 : goto the option " POST AD demo url:http://www.classifieds.cubrosoft.com/demo/postad.php?postadret Step 3 : Insert your xss scripts in the field and save it Step 4 : now check your ad :) ############################################################################################################### Xploit: Non-Persistent XSS Vulnerability http://www.classifieds.cubrosoft.com/demo/banner_transaction.php?itemno=[Xss] Screenshot : http://img52.imageshack.us/img52/6519/cub.png (Persistent XSS) http://img691.imageshack.us/img691/9550/refe.png (Reflected XSS) ############################################################################################################### # 0day no more # Sid3^effects # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-17]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
