SECURITYVULNS:DOC:16025
Feb 12, 2007 - 12:00 a.m.

BtitTracker 1.4 XSS

vulners.com


Several user-supplied fields are not sanitised for HTML special characters or for words such as javascript.

=email field=
When a new user registers, the e-mail field accepts arbitrary input. While the account is still in the "validating" state, the e-mail can be changed to something like "><plaintext>
The field is 30 characters long, so a longer script payload is hard to fit, although the "><plaintext> example above does fit.

=UserSearch field=
The searchtext parameter is not checked for HTML special characters.
example:
http://localhost/tracker/users.php?searchtext="><plaintext>

=ForumTopicSubject=
When writing a new topic in the forums, the subject field is not sanitised. The field is 40 characters long, which is enough for a working payload.

=Avatar=
The avatar field as well. When editing your profile you can enter something like
"><script>alert(1)</script>
but this is of limited use, because only the user who is editing the profile gets XSS-ed (self-XSS).
Another approach is to set the avatar to
javascript:alert(1)
but this one works only in Opera and IE.
Firefox is not affected.
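The following is an added example, not code from the advisory or from BtitTracker. It is a hypothetical Python reconstruction of the rendering pattern behind the e-mail, searchtext and forum-subject findings (a stored or reflected value echoed into an HTML attribute without escaping) beside its escaped form, plus a scheme allowlist for the avatar URL that rejects javascript: including the case and whitespace variants browsers tolerate. The field names and the 30-character e-mail limit are taken from the advisory; the template markup, the default avatar path and the attribute_breakout check are constructed for the example.

```python
"""Hypothetical reconstruction (not BtitTracker's code) of how the fields in
the advisory reach the page, with the vulnerable and hardened form of each."""
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# Payloads quoted in the advisory.
PAYLOAD_PLAINTEXT = '"><plaintext>'
PAYLOAD_SCRIPT = '"><script>alert(1)</script>'
PAYLOAD_JS_URL = 'javascript:alert(1)'

# Field length given in the advisory for the e-mail field.
EMAIL_MAXLEN = 30


def render_search_box(searchtext: str, escape: bool) -> str:
    """users.php echoes ?searchtext= back into the search form's value attribute.
    escape=False is the vulnerable pattern; escape=True is the fix."""
    shown = html.escape(searchtext, quote=True) if escape else searchtext
    return f'<input type="text" name="searchtext" value="{shown}">'


def render_email_field(email: str, escape: bool) -> str:
    """Profile page echoing the stored e-mail. The 30-char limit is applied as in
    the advisory; on its own it is no defence, since '"><plaintext>' is 13 chars."""
    shown = email[:EMAIL_MAXLEN]
    shown = html.escape(shown, quote=True) if escape else shown
    return f'<input type="text" name="email" value="{shown}">'


def attribute_breakout(rendered: str) -> bool:
    """Constructed check: each template emits exactly one tag, so a second tag
    start means the value closed the attribute and injected its own markup."""
    return len(re.findall(r'<[A-Za-z]', rendered)) > 1


ALLOWED_SCHEMES = {'http', 'https'}


def safe_avatar_url(url: str) -> Optional[str]:
    """Allowlist the avatar URL's scheme instead of blocklisting 'javascript'.
    Browsers drop ASCII tab/newline anywhere in a URL and leading control
    characters before reading the scheme, so normalise the same way first;
    urlsplit() lowercases the scheme, which covers 'JavaScript:' variants."""
    cleaned = re.sub(r'[\t\r\n]', '', url)
    cleaned = re.sub(r'^[\x00-\x20]+', '', cleaned).rstrip()
    parts = urlsplit(cleaned)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return cleaned


def render_avatar(url: str, hardened: bool) -> str:
    """Avatar rendered as an image. hardened=False echoes the stored value as the
    advisory describes (the javascript: URL it reports working in Opera/IE)."""
    if not hardened:
        return f'<img src="{url}" alt="avatar">'
    safe = safe_avatar_url(url)
    if safe is None:
        # Assumed default path; the real fallback, if any, is not in the advisory.
        return '<img src="/images/default_avatar.png" alt="avatar">'
    return f'<img src="{html.escape(safe, quote=True)}" alt="avatar">'


if __name__ == '__main__':
    for label, field in (('searchtext', render_search_box),
                         ('email', render_email_field)):
        print(label, 'unescaped breaks out:',
              attribute_breakout(field(PAYLOAD_PLAINTEXT, False)))
        print(label, 'escaped breaks out:',
              attribute_breakout(field(PAYLOAD_PLAINTEXT, True)))
    print(render_avatar(PAYLOAD_JS_URL, hardened=False))
    print(render_avatar(PAYLOAD_JS_URL, hardened=True))
```

The allowlist is deliberately strict: a relative path or a protocol-relative URL is also rejected, so whether the real application should accept those would need to be decided against its own avatar storage, which the advisory does not describe.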

Further info here: http://www.btiteam.org/smf/index.php?topic=6625.0


http://auto-motor-und-sport.bg/
With petrol in the blood!