Re: [ CWE-79 ] *.nastyfans.org is vulnerable to script injection
by
Boris007
on 18/06/2020, 13:55:19 UTC
I am curious to know what OG will do after this thread. :D I am also concerned that if what OP says really exists, has anyone taken advantage of it? Specifically this:
A malicious person can inject a shell script and get the personal deposit address of respected accounts, email, etc., along with server information. If the website, as claimed, operates 1000s of BTC then the vulnerability is intensified.

Why don't you try it yourself??

1. Go to: https://analyzer.nastyfans.org/?s=1

2. Inside the search, paste:
Code:
"><script>alert('Boris007 was here')</script>

3. Press submit and see the XSS being executed.
___________________________________________________

You simply cannot go to every search button and paste the script to check whether the pop-up comes or not; you need to dig inside the code to find whether there is any reflected parameter, how the sanitizer for the current website works, etc.

That is why I pasted so many screenshots as I was doing research on the website for the vulnerability bounty, but all in vain.

From what I have tried so far on bitcointalk, believe me, bitcointalk has some great script protection. I have tried a lot to execute all kinds of XSS but it blocks me. I hope theymos is paying too much to cloudflare.
Bitcointalk has some smart sanitization for every input but just not for merit, where 1ds as merit amount will surely let you spend 1 merit but ds1 won't.
On top of all, it is the attitude of a person: theymos has always entertained me for any problem that I have ever reported to him, unlike saying "don't tell me, I don't operate the site".
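The post's point is that a reflected parameter has to be checked in the code, not by pasting a payload into every search box. The example below is added here and is not code from the thread or from nastyfans.org: it models a search page that reflects the `s` parameter into an input's `value` attribute (the context the leading `">` in the quoted payload breaks out of), shows the unencoded rendering beside one that applies contextual HTML encoding, and includes a defender's check that flags when input with HTML metacharacters comes back verbatim. The page layout and the function names are assumptions.

```python
import html

# Constructed sample: the payload quoted in the post, as it would arrive in
# the `s` query parameter of a search form.
SAMPLE_PAYLOAD = "\"><script>alert('Boris007 was here')</script>"


def render_search_vulnerable(query: str) -> str:
    """Reflects the search term into an attribute with no encoding.

    This is the bug: a double quote in the input closes value="...",
    the following > closes the <input> tag, and a <script> element
    becomes part of the page.
    """
    return f'<form><input name="s" value="{query}"></form>'


def render_search_hardened(query: str) -> str:
    """Same page with contextual HTML encoding of the reflected value.

    quote=True is the part that matters in an attribute context: without
    it, a bare double quote would still close the attribute.
    """
    safe = html.escape(query, quote=True)
    return f'<form><input name="s" value="{safe}"></form>'


def reflected_unencoded(query: str, response_html: str) -> bool:
    """Defender's check for a reflected parameter.

    Returns True when the input contains HTML metacharacters and the
    response still contains it byte-for-byte, i.e. no sanitizer or
    encoder touched it on the way out. Benign input never triggers it.
    """
    has_metachars = any(c in query for c in '<>"\'&')
    return has_metachars and query in response_html


if __name__ == "__main__":
    for name, render in (("vulnerable", render_search_vulnerable),
                         ("hardened", render_search_hardened)):
        page = render(SAMPLE_PAYLOAD)
        print(f"{name}: reflected unencoded = "
              f"{reflected_unencoded(SAMPLE_PAYLOAD, page)}")
```

Run against a real response body, the check is only a first filter: encoded output can still be unsafe if it is later inserted into a JavaScript or URL context, so the encoding has to match the context it is rendered into.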