XMB Garage - XSS Exploit in XMB ! - Powered by XMB 1.9.5 Nexus (Final)

	Last Active: Never
	Not logged in [Login - Register]

Portal

FAQ

Member List Forum Stats

Stats

Board Rules

Member Map

Stats Calendar

Photo Gallery

Request List

Request Stats

Calendar

Help Desk

Google Member Map

Download Center Biographies of Staff Members

Bio Center

Back to:

XMB Garage » Security Forum » XSS Exploit in XMB !
Users viewing this page: 0 Members - 1 Robot

Printable Version | Subscribe | Add to Favorites

[Total Views: 889 \| Total Replies: 20 \| Thread Id: 13792]
Author:	Subject: XSS Exploit in XMB !

Online
WormHole
Member No.: 1
Registered: 4-16-2004
Last Visit: 4-17-2008 at 12:47 AM

Position: Owner
Rank: XMBG Owner

Member Info

Gender: Male Male

Zodiac Sign: Virgo Virgo

Personal Photo:
Age: 51

City/Town: Cicero
State/Province: Indiana

Indiana
Country:

United States of America
Mood: Good.....but tired.

Mood Icon:

Favorite Band/Musician: Dream Theater

Member Activity

Threads: 284
Posts: 15739
XMBG Bucks: $910724
Karma Rating: 184

Smite | Praise

Level: 74
HP: 2772 / 2772

MP: 5246 / 21604

Exp: 92%

Warnings:

Installer Information:

4204 Request(s)
166 Install(s)
101 Upgrade(s)
11285 Hack(s)
40 Transfer(s)

Posted on 7-15-2007 at 07:43 AM

XSS Exploit in XMB !

From the desk of Adam Clarke at XMB Services:

It has come to my attention that XMB currently contains an XSS exploit that can be used to steal passwords via flash.

To rectify the issue, edit file: 'functions.php'

Find Code:

Replace Code With:

This will prevent users using flash files to steal cookies.

PLEASE DO NOT U2U ME FOR GENERAL SUPPORT ISSUES!!!

Growing old is only going back to where you're from.

~Kansas~

http://www.danasoft.com/sig/XMBGarage.jpg

Have you clicked today?
Ads help to keep XMB Garage online!

Offline
Mitchell
Member No.: 27
Registered: 7-4-2004
Last Visit: 11-27-2007 at 09:39 PM

Rank: The Experienced Newb
XMBG Benefactor

Member Info

Gender: Male Male

Zodiac Sign: Libra

City/Town: Richmond
State/Province:

Virginia
Country:

United States of America
Mood: Excited!

Mood Icon:

Favorite Band/Musician: Don't have one

Member Activity

Threads: 91
Posts: 303
XMBG Bucks: $24207
Karma Rating: 20

Smite | Praise

Level: 16
HP: 16 / 381

MP: 101 / 4224

Exp: 27%

Warnings:

Request Information:

38 Request(s)
0 Install(s)
0 Upgrade(s)
102 Hack(s)
1 Transfer(s)
Installer:

Posted on 7-15-2007 at 07:50 AM

Thanks for that.

I remembered seeing somewhere about a security issue, but nothing as serious as this.

I'm special.. and if you think so too, then you should click me.. you know you wanna..

Offline
Adam
Member No.: 25
Registered: 6-25-2004
Last Visit: 4-17-2008 at 12:36 AM

Rank: Posting Freak

Member Info

Gender: Male Male

Age: 27

Country:
Great Britain
Mood: Tired

Member Activity

Threads: 10
Posts: 785
XMBG Bucks: $68080
Karma Rating: 23

Smite | Praise

Level: 25
HP: 68 / 606

MP: 261 / 6750

Exp: 25%

Warnings:

Request Information:

XMB Version: 1.9.8 SP2
0 Request(s)
0 Install(s)
0 Upgrade(s)
0 Hack(s)
0 Transfer(s)
Installer:

Posted on 7-15-2007 at 08:10 AM

member.php and viewthread.php also need patching.

Find Code:

Replace Code With:

XMB Services . com

FREE Mod Downloads, FREE Theme Downloads.

Have I helped You?

Offline
Adam
Member No.: 25
Registered: 6-25-2004
Last Visit: 4-17-2008 at 12:36 AM

Rank: Posting Freak

Member Info

Gender: Male Male

Age: 27

Country:
Great Britain
Mood: Tired

Member Activity

Threads: 10
Posts: 785
XMBG Bucks: $68080
Karma Rating: 23

Smite | Praise

Level: 25
HP: 68 / 606

MP: 261 / 6750

Exp: 25%

Warnings:

Request Information:

XMB Version: 1.9.8 SP2
0 Request(s)
0 Install(s)
0 Upgrade(s)
0 Hack(s)
0 Transfer(s)
Installer:

Posted on 7-15-2007 at 10:38 AM

header.php and memcp.php also need patching. However, these files are not as critical as the other 3.

header.php can only be exploited if a rogue flash header is added via the Admin Panel. This may be achieved by adding a flash header that someone has created for you.

memcp.php is only accessible via the current user, so it would only be possible to steal your own cookies.

To rectify these files:

Find Code:

Replace Code With:

XMB Services . com

FREE Mod Downloads, FREE Theme Downloads.

Have I helped You?

Offline
smoochable
Member No.: 909
Registered: 1-22-2007
Last Visit: 4-13-2008 at 02:30 PM

Rank: Junior Member

Member Info

Gender: Female Female

Zodiac Sign: Taurus

Country:

United Kingdom
Mood: yay

Mood Icon:

Member Activity

Threads: 33
Posts: 56
XMBG Bucks: $1325
Karma Rating: 0

Smite | Praise

Level: 6
HP: 3 / 133

MP: 18 / 481

Exp: 34%

Warnings:

Request Information:

XMB Version: 1.9.5 SP1
17 Request(s)
0 Install(s)
0 Upgrade(s)
46 Hack(s)
1 Transfer(s)
Installer: WormHole

Posted on 7-15-2007 at 11:10 AM

I can't find the first script in my functions.php? I'm using notepad and the find tool but it just isn't in there, odd..

Offline
Adam
Member No.: 25
Registered: 6-25-2004
Last Visit: 4-17-2008 at 12:36 AM

Rank: Posting Freak

Member Info

Gender: Male Male

Age: 27

Country:
Great Britain
Mood: Tired

Member Activity

Threads: 10
Posts: 785
XMBG Bucks: $68080
Karma Rating: 23

Smite | Praise

Level: 25
HP: 68 / 606

MP: 261 / 6750

Exp: 25%

Warnings:

Request Information:

XMB Version: 1.9.8 SP2
0 Request(s)
0 Install(s)
0 Upgrade(s)
0 Hack(s)
0 Transfer(s)
Installer:

Posted on 7-15-2007 at 11:22 AM

Try searching for just AllowScriptAccess to see if it is there.

XMB Services . com

FREE Mod Downloads, FREE Theme Downloads.

Have I helped You?

Offline
hellolonely
Member No.: 876
Registered: 11-26-2006
Last Visit: 2-11-2008 at 04:40 PM

Rank: Junior Member

Member Info

State/Province: Ontario

Ontario
Country: Canada

Canada
Mood: Tired

Mood Icon:

Favorite Band/Musician: Taking Back Sunday && AC/DC

Member Activity

Threads: 22
Posts: 59
XMBG Bucks: $2050
Karma Rating: 0

Smite | Praise

Level: 6
HP: 3 / 138

MP: 19 / 563

Exp: 55%

Warnings:

Request Information:

8 Request(s)
0 Install(s)
0 Upgrade(s)
19 Hack(s)
0 Transfer(s)
Installer:

Posted on 7-15-2007 at 12:30 PM

I can't find it either...and I tried searching for AllowScriptAccess and it isn't there either. I also tried patching up the other files...but I couldn't find any of the text?

:|

Offline
Adam
Member No.: 25
Registered: 6-25-2004
Last Visit: 4-17-2008 at 12:36 AM

Rank: Posting Freak

Member Info

Gender: Male Male

Age: 27

Country:
Great Britain
Mood: Tired

Member Activity

Threads: 10
Posts: 785
XMBG Bucks: $68080
Karma Rating: 23

Smite | Praise

Level: 25
HP: 68 / 606

MP: 261 / 6750

Exp: 25%

Warnings:

Request Information:

XMB Version: 1.9.8 SP2
0 Request(s)
0 Install(s)
0 Upgrade(s)
0 Hack(s)
0 Transfer(s)
Installer:

Posted on 7-15-2007 at 12:48 PM

Then it is possible that they are extremely old files and don't contain the original code that was supposed to fix the exploit.

Can you add all 5 files to a zip, and attach them here?

XMB Services . com

FREE Mod Downloads, FREE Theme Downloads.

Have I helped You?

Online
WormHole
Member No.: 1
Registered: 4-16-2004
Last Visit: 4-17-2008 at 12:47 AM

Position: Owner
Rank: XMBG Owner

Member Info

Gender: Male Male

Zodiac Sign: Virgo Virgo

Personal Photo:
Age: 51

City/Town: Cicero
State/Province: Indiana

Indiana
Country:

United States of America
Mood: Good.....but tired.

Mood Icon:

Favorite Band/Musician: Dream Theater

Member Activity

Threads: 284
Posts: 15739
XMBG Bucks: $910724
Karma Rating: 184

Smite | Praise

Level: 74
HP: 2772 / 2772

MP: 5246 / 21604

Exp: 92%

Warnings:

Installer Information:

4204 Request(s)
166 Install(s)
101 Upgrade(s)
11285 Hack(s)
40 Transfer(s)

Posted on 7-15-2007 at 01:07 PM

Adam,

I am looking at their files right now and they are right and the code is not in there. According to the info in the header.php they are 1.9.5 files. Should this stuff be added to these files?

PLEASE DO NOT U2U ME FOR GENERAL SUPPORT ISSUES!!!

Growing old is only going back to where you're from.

~Kansas~

Have you clicked today?
Ads help to keep XMB Garage online!

Offline
Adam
Member No.: 25
Registered: 6-25-2004
Last Visit: 4-17-2008 at 12:36 AM

Rank: Posting Freak

Member Info

Gender: Male Male

Age: 27

Country:
Great Britain
Mood: Tired

Member Activity

Threads: 10
Posts: 785
XMBG Bucks: $68080
Karma Rating: 23

Smite | Praise

Level: 25
HP: 68 / 606

MP: 261 / 6750

Exp: 25%

Warnings:

Request Information:

XMB Version: 1.9.8 SP2
0 Request(s)
0 Install(s)
0 Upgrade(s)
0 Hack(s)
0 Transfer(s)
Installer:

Posted on 7-15-2007 at 01:09 PM

You need to check the flash code that is output to the browser.

It needs to have the AllowScriptAccess="never" to prevent this exploit.

If you search for flash you should find it quickly as there are only about 3 occurrences all within a few lines.

XMB Services . com

FREE Mod Downloads, FREE Theme Downloads.

Have I helped You?

Offline
hellolonely
Member No.: 876
Registered: 11-26-2006
Last Visit: 2-11-2008 at 04:40 PM

Rank: Junior Member

Member Info

State/Province: Ontario

Ontario
Country: Canada

Canada
Mood: Tired

Mood Icon:

Favorite Band/Musician: Taking Back Sunday && AC/DC

Member Activity

Threads: 22
Posts: 59
XMBG Bucks: $2050
Karma Rating: 0

Smite | Praise

Level: 6
HP: 3 / 138

MP: 19 / 563

Exp: 55%

Warnings:

Request Information:

8 Request(s)
0 Install(s)
0 Upgrade(s)
19 Hack(s)
0 Transfer(s)
Installer:

Posted on 7-15-2007 at 01:23 PM

Sure, here are the 5 files in a zip:

Online
WormHole
Member No.: 1
Registered: 4-16-2004
Last Visit: 4-17-2008 at 12:47 AM

Position: Owner
Rank: XMBG Owner

Member Info

Gender: Male Male

Zodiac Sign: Virgo Virgo

Personal Photo:
Age: 51

City/Town: Cicero
State/Province: Indiana

Indiana
Country:

United States of America
Mood: Good.....but tired.

Mood Icon:

Favorite Band/Musician: Dream Theater

Member Activity

Threads: 284
Posts: 15739
XMBG Bucks: $910724
Karma Rating: 184

Smite | Praise

Level: 74
HP: 2772 / 2772

MP: 5246 / 21604

Exp: 92%

Warnings:

Installer Information:

4204 Request(s)
166 Install(s)
101 Upgrade(s)
11285 Hack(s)
40 Transfer(s)

Posted on 7-15-2007 at 01:24 PM

Not needed. I have fixed this for you.

PLEASE DO NOT U2U ME FOR GENERAL SUPPORT ISSUES!!!

Growing old is only going back to where you're from.

~Kansas~

Have you clicked today?
Ads help to keep XMB Garage online!

Offline
hellolonely
Member No.: 876
Registered: 11-26-2006
Last Visit: 2-11-2008 at 04:40 PM

Rank: Junior Member

Member Info

State/Province: Ontario

Ontario
Country: Canada

Canada
Mood: Tired

Mood Icon:

Favorite Band/Musician: Taking Back Sunday && AC/DC

Member Activity

Threads: 22
Posts: 59
XMBG Bucks: $2050
Karma Rating: 0

Smite | Praise

Level: 6
HP: 3 / 138

MP: 19 / 563

Exp: 55%

Warnings:

Request Information:

8 Request(s)
0 Install(s)
0 Upgrade(s)
19 Hack(s)
0 Transfer(s)
Installer:

Posted on 7-15-2007 at 04:30 PM

So it's all okay? Thank you very much

Offline
Adam
Member No.: 25
Registered: 6-25-2004
Last Visit: 4-17-2008 at 12:36 AM

Rank: Posting Freak

Member Info

Gender: Male Male

Age: 27

Country:
Great Britain
Mood: Tired

Member Activity

Threads: 10
Posts: 785
XMBG Bucks: $68080
Karma Rating: 23

Smite | Praise

Level: 25
HP: 68 / 606

MP: 261 / 6750

Exp: 25%

Warnings:

Request Information:

XMB Version: 1.9.8 SP2
0 Request(s)
0 Install(s)
0 Upgrade(s)
0 Hack(s)
0 Transfer(s)
Installer:

Posted on 7-15-2007 at 04:36 PM

Quote:

Originally posted by hellolonely
So it's all okay?

Yes, WormHole modified all 5 of your files, you are now secured against this exploit.

XMB Services . com

FREE Mod Downloads, FREE Theme Downloads.

Have I helped You?

Online
WormHole
Member No.: 1
Registered: 4-16-2004
Last Visit: 4-17-2008 at 12:47 AM

Position: Owner
Rank: XMBG Owner

Member Info

Gender: Male Male

Zodiac Sign: Virgo Virgo

Personal Photo:
Age: 51

City/Town: Cicero
State/Province: Indiana

Indiana
Country:

United States of America
Mood: Good.....but tired.

Mood Icon:

Favorite Band/Musician: Dream Theater

Member Activity

Threads: 284
Posts: 15739
XMBG Bucks: $910724
Karma Rating: 184

Smite | Praise

Level: 74
HP: 2772 / 2772

MP: 5246 / 21604

Exp: 92%

Warnings:

Installer Information:

4204 Request(s)
166 Install(s)
101 Upgrade(s)
11285 Hack(s)
40 Transfer(s)

Posted on 7-15-2007 at 06:45 PM

Quote:

Originally posted by hellolonely
So it's all okay? Thank you very much

You're welcome!

PLEASE DO NOT U2U ME FOR GENERAL SUPPORT ISSUES!!!

Growing old is only going back to where you're from.

~Kansas~

Have you clicked today?
Ads help to keep XMB Garage online!

Online
WormHole
Member No.: 1
Registered: 4-16-2004
Last Visit: 4-17-2008 at 12:47 AM

Position: Owner
Rank: XMBG Owner

Member Info

Gender: Male Male

Zodiac Sign: Virgo Virgo

Personal Photo:
Age: 51

City/Town: Cicero
State/Province: Indiana

Indiana
Country:

United States of America
Mood: Good.....but tired.

Mood Icon:

Favorite Band/Musician: Dream Theater

Member Activity

Threads: 284
Posts: 15739
XMBG Bucks: $910724
Karma Rating: 184

Smite | Praise

Level: 74
HP: 2772 / 2772

MP: 5246 / 21604

Exp: 92%

Warnings:

Installer Information:

4204 Request(s)
166 Install(s)
101 Upgrade(s)
11285 Hack(s)
40 Transfer(s)

Posted on 7-16-2007 at 05:09 PM

It has come to my attention that there is still an XSS exploit in XMB.

Hackers can still gain access to your cookies by attaching flash files to posts. This issue only becomes a problem when you click on the attachment that will load in a new window/tab and redirect to a site with your cookies attached.

AI Advanced (From XMB) and I have been testing with flash files and can verify that it is possible to steal cookies.

To rectify the issue we need to force attachments to be downloaded instead of loading in the browser.

This is simply done by editing viewthread.php.

Find Code:

Replace Code With:

PLEASE DO NOT U2U ME FOR GENERAL SUPPORT ISSUES!!!

Growing old is only going back to where you're from.

~Kansas~

Have you clicked today?
Ads help to keep XMB Garage online!

Offline
Tone
Member No.: 618
Registered: 10-19-2005
Last Visit: 3-3-2008 at 09:55 AM

Rank: Member

Member Info

Gender: Female Female

Zodiac Sign: Capricorn

Age: 15

City/Town: Lier
Country:
Norway
Mood: Gollum, Gollum.

Mood Icon:
Favorite Band/Musician: Arch Enemy

Member Activity

Threads: 53
Posts: 298
XMBG Bucks: $8775
Karma Rating: 1

Smite | Praise

Level: 16
HP: 24 / 378

MP: 99 / 2758

Exp: 14%

Warnings:

Request Information:

XMB Version: 1.9.6 Alpha/SP1
4 Request(s)
0 Install(s)
1 Upgrade(s)
3 Hack(s)
0 Transfer(s)
Installer: WormHole

Posted on 7-17-2007 at 12:48 PM

Thanks for this. ^^

Offline
janneke
Member No.: 988
Registered: 6-29-2007
Last Visit: 3-24-2008 at 03:51 AM

Rank: XMBG Benefactor

Member Info

Gender: Female Female

Zodiac Sign: Libra

Member Activity

Threads: 43
Posts: 129
XMBG Bucks: $3850
Karma Rating: 15

Smite | Praise

Level: 10
HP: 20 / 235

MP: 43 / 549

Exp: 40%

Warnings:

Request Information:

24 Request(s)
0 Install(s)
0 Upgrade(s)
60 Hack(s)
1 Transfer(s)
Installer: WormHole

Posted on 9-3-2007 at 11:29 AM

ok maybe it is me but I cannot seem to find those things that need to be changed.

can anybody help me?

Online
WormHole
Member No.: 1
Registered: 4-16-2004
Last Visit: 4-17-2008 at 12:47 AM

Position: Owner
Rank: XMBG Owner

Member Info

Gender: Male Male

Zodiac Sign: Virgo Virgo

Personal Photo:
Age: 51

City/Town: Cicero
State/Province: Indiana

Indiana
Country:

United States of America
Mood: Good.....but tired.

Mood Icon:

Favorite Band/Musician: Dream Theater

Member Activity

Threads: 284
Posts: 15739
XMBG Bucks: $910724
Karma Rating: 184

Smite | Praise

Level: 74
HP: 2772 / 2772

MP: 5246 / 21604

Exp: 92%

Warnings:

Installer Information:

4204 Request(s)
166 Install(s)
101 Upgrade(s)
11285 Hack(s)
40 Transfer(s)

Posted on 9-3-2007 at 03:02 PM

Quote:

Originally posted by janneke
ok maybe it is me but I cannot seem to find those things that need to be changed.

can anybody help me?

I have fixed this for you.

PLEASE DO NOT U2U ME FOR GENERAL SUPPORT ISSUES!!!

Growing old is only going back to where you're from.

~Kansas~

Have you clicked today?
Ads help to keep XMB Garage online!

Offline
janneke
Member No.: 988
Registered: 6-29-2007
Last Visit: 3-24-2008 at 03:51 AM

Rank: XMBG Benefactor

Member Info

Gender: Female Female

Zodiac Sign: Libra

Member Activity

Threads: 43
Posts: 129
XMBG Bucks: $3850
Karma Rating: 15

Smite | Praise

Level: 10
HP: 20 / 235

MP: 43 / 549

Exp: 40%

Warnings:

Request Information:

24 Request(s)
0 Install(s)
0 Upgrade(s)
60 Hack(s)
1 Transfer(s)
Installer: WormHole

Posted on 9-4-2007 at 05:18 AM

Many many many many thanks!! My forum whas hacked befor and I wanna do everything against it! I owe you again!

Online
WormHole
Member No.: 1
Registered: 4-16-2004
Last Visit: 4-17-2008 at 12:47 AM

Position: Owner
Rank: XMBG Owner

Member Info

Gender: Male Male

Zodiac Sign: Virgo Virgo

Personal Photo:
Age: 51

City/Town: Cicero
State/Province: Indiana

Indiana
Country:

United States of America
Mood: Good.....but tired.

Mood Icon:

Favorite Band/Musician: Dream Theater

Member Activity

Threads: 284
Posts: 15739
XMBG Bucks: $910724
Karma Rating: 184

Smite | Praise

Level: 74
HP: 2772 / 2772

MP: 5246 / 21604

Exp: 92%

Warnings:

Installer Information:

4204 Request(s)
166 Install(s)
101 Upgrade(s)
11285 Hack(s)
40 Transfer(s)

Posted on 9-4-2007 at 06:04 AM

You're welcome!

PLEASE DO NOT U2U ME FOR GENERAL SUPPORT ISSUES!!!

Growing old is only going back to where you're from.

~Kansas~

Have you clicked today?
Ads help to keep XMB Garage online!

XMB Garage » Security Forum » XSS Exploit in XMB !

Powered by XMB 1.9.5 Nexus (Final)
Developed By Aventure Media & The XMB Group © 2002-2006

[queries: 56]
[PHP: 78.4% - SQL: 21.6%]

XMB Garage � 2004-2008