House of Hackers

Apparently the Ning vulns go further than I imagined - picked up by Raavenkroft.

http://houseofhackers.ning.com/xn/css?href=/../../../../../../../.....

UPDATE: The above link has been fixed, and their CSS switcher is no longer loading /etc/passwd. Ning responds *fairly* quickly, although they still haven't fixed the persistent group XSS, which allows me to do anything with your account if you land on my group page. We'll see.

For those who want to do some playing around:

http://developer.ning.com/main/docs/XN?dd/d8f/class_x_n___query.html

There's no validation in that function, and it can probably be very easily exploited. So on top of XSS vulns (persistent and reflective), they are open to SQL injection and directory traversal?! BLEH, FIX YOUR SITE.
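The CSS-switcher bug described in this thread is a classic path traversal: a user-controlled `href` is glued onto a directory path and opened, so `/../../..` walks out of the stylesheet directory. Below is an added example, not Ning's code, showing a minimal handler with that defect next to a hardened one. The function names, the directory layout and the fixture files (including a fake `etc/passwd`) are assumptions built inline for the demo; the check that matters is resolving the final path with `realpath` and confirming it still sits under the stylesheet directory before opening anything.

```python
"""Path traversal in a CSS-switcher style handler: vulnerable vs hardened.

Added example, not Ning's code. Handler names, directory layout and the
fixture files are assumptions made purely for illustration.
"""
import os
import tempfile
from urllib.parse import unquote


def build_fixture():
    """Create a throwaway tree: <root>/css/theme.css and a constructed
    <root>/etc/passwd standing in for a file outside the CSS directory."""
    root = tempfile.mkdtemp(prefix="css_switcher_demo_")
    css_dir = os.path.join(root, "css")
    os.makedirs(css_dir)
    with open(os.path.join(css_dir, "theme.css"), "w") as f:
        f.write("body { color: #000; }\n")
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "passwd"), "w") as f:
        # Constructed sample content, not a real password file.
        f.write("root:x:0:0:root:/root:/bin/sh\n")
    return root, css_dir


def vulnerable_css_switcher(css_dir, href):
    """Mirrors the bug: href is URL-decoded and appended to the CSS
    directory with no normalisation, so "/../etc/passwd" escapes css_dir."""
    path = css_dir + unquote(href)
    with open(path) as f:
        return f.read()


def hardened_css_switcher(css_dir, href):
    """Resolve the candidate path and refuse anything that does not stay
    inside css_dir (after symlink and '..' resolution) or is not a .css file."""
    base = os.path.realpath(css_dir)
    relative = unquote(href).lstrip("/")
    candidate = os.path.realpath(os.path.join(base, relative))
    # commonpath is the containment check; a plain startswith() would let
    # "/srv/css-evil/" pass for base "/srv/css".
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError("href escapes the CSS directory: %r" % href)
    if not candidate.endswith(".css"):
        raise PermissionError("only .css files may be served: %r" % href)
    with open(candidate) as f:
        return f.read()


def demo():
    """Run both handlers against a legitimate and a traversal href and
    report what each one did."""
    _, css_dir = build_fixture()
    results = {}
    for name, handler in (("vulnerable", vulnerable_css_switcher),
                          ("hardened", hardened_css_switcher)):
        for href in ("/theme.css", "/../etc/passwd", "%2f..%2fetc%2fpasswd"):
            try:
                results[(name, href)] = handler(css_dir, href)[:20]
            except (PermissionError, FileNotFoundError) as exc:
                results[(name, href)] = "blocked: " + type(exc).__name__
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Note that the hardened version decodes `href` exactly once and then checks the resolved path; a double-encoded payload (`%252e%252e`) decodes to a literal `%2e%2e` segment, stays inside the base directory and simply fails to exist, which is the safe outcome.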


pdp created this Ning Network.

© 2009 Created by pdp on Ning.
