Archive for the ‘XSS’ Category


Advanced Shoutbox and MySql Shoutbox scripts

July 11, 2009

Today I found an XSS hole in the “Advanced Shoutbox” script, and the same XSS hole plus an SQL injection vulnerability in the “MySql shoutbox”, which are available here:

Advanced Shoutbox

index.php Line 37:
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">

index.php Line 79-82:
if($display == "all"){
?><a href="<?php echo $_SERVER["PHP_SELF"]; ?>">View small shoutbox</a><?php
?><a href="<?php echo $_SERVER["PHP_SELF"]; ?>?show=all">View all shouts</a><?php

Very easy to exploit:

Affected Version: 1.0

MySql shoutbox

The XSS hole is the same as above, but on the lines 50, 55 and 97-99.

SQL Injection:
The index.php does not sanitize the user's input on lines 105 and 106.

$input_name = $_POST["input_name"];
$input_text = $_POST["input_text"];
if($row["name"] != $input_name && $row["comment"] != $input_text){
mysql_query("INSERT INTO $db_table (name,comment) VALUES ('$input_name','$input_text');") or die(mysql_error()); //insert name and shout

Just send a POST request to the index.php. In the name field enter whatever you want and in the text field enter ‘+@@version+’ (including the ‘).

Affected Version: 1.0
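As an added example (not the shoutbox's own code), here is a hardened version of the two spots discussed above: the form action escapes PHP_SELF before echoing it, and the insert uses a mysqli prepared statement in place of the original mysql_query string. It assumes an open mysqli connection in $db and the configured table name in $db_table, as in the original script.

```php
<?php
// Added example, not code from the shoutbox. Assumes $db (mysqli) and
// $db_table are set up by the script's configuration.

// 1. PHP_SELF XSS: PHP_SELF reflects the request path, so it must never be
//    echoed raw into HTML. Escaping it closes the hole in both the form
//    action and the "View ..." links.
function self_url(): string
{
    return htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 2. SQL injection: name and text are bound as parameters, so a value such
//    as '+@@version+' is stored literally instead of being run as SQL.
function insert_shout(mysqli $db, string $db_table, string $name, string $text): bool
{
    // Identifiers cannot be bound; restrict the configured table name instead.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $db_table)) {
        throw new InvalidArgumentException('invalid table name');
    }
    $stmt = $db->prepare("INSERT INTO `$db_table` (name, comment) VALUES (?, ?)");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ss', $name, $text);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = trim((string) ($_POST['input_name'] ?? ''));
    $text = trim((string) ($_POST['input_text'] ?? ''));
    if ($name !== '' && $text !== '') {
        insert_shout($db, $db_table, $name, $text);
    }
}
?>
<form action="<?php echo self_url(); ?>" method="post">
<a href="<?php echo self_url(); ?>?show=all">View all shouts</a>
```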

The vendor was informed on 27.06.2009.

This post was published automatically two weeks after the vendor was informed.



June 21, 2009

I had a little break, and then found a new shop with XSS holes in it:


I’ve sent an email to them…



June 21, 2009

New blog, new XSS…
Today I found an internet shop which is doing a lot of comment spamming in blogs etc… ->
It did not take long to find an XSS hole in the registration page:
Just post

Or enter
"><SCrIPT>alert("Yes, I'm vulnerable to XSS")</SCrIPT>
into whichever input box you want.


And no… I will not give damn spammers a link to their website, you have to copy & paste… And in this case I will not send a notice to the administrator. He has enough to do with spamming etc, I don’t want to disturb him…