January 10th, 2005, 12:37 AM
This was a vulnerability in the past, but was never properly fixed. About a month ago I contacted the AO admin's about it and provided a PoC, however I never received a response after its acknowledgement and the hole was never fixed. I decided while going over this thread that I owe it to the community to publicize what I found:
Cross Site Scripting (XSS) attacks are possible in the username field of karma.php. XSS attacks are scripts injected
injected into any the username field. Although there are precautions taken by Antionline.com to prevent this, input
sanitization is incomplete.
link. Antionline.com allows users to authenticate themselves through cookies, allowing attackers to impersonate victims
through stolen cookies.
mnstrgrl: An addslashes function isn't enough to sanitize fields.
January 10th, 2005, 08:34 PM
Looks like it's still around... any word on a fix?
January 10th, 2005, 09:11 PM
Our folks are looking into it SP, and I do appreciate you dropping me a note about it. We're keeping a close eye out for jaycee (justin case).