lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 13 Jun 2006 10:26:49 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: Ratescene.co.uk - XSS with session disclosure Ratescene.co.uk Homepage: http://www.ratescene.co.uk Affected files: input boxes of editing your profile ------------------------------------------------ Profile input boxes XSS vuln with cookie disclosure: Data isn't sanatized, try entering the code below: <img src=javascript:alert(document.cookie)> Screenshots: http://www.youfucktard.com/xsp/ratescene1.jpg http://www.youfucktard.com/xsp/ratescene2.jpg -------------------------------------------------- And uh..it seems I can't test this site anymore. Right as i'm testing Isee errors start appearing and then I see this: http://youfucktard.com/xsp/ratescene3.jpg When going back to that other site; ratemylook.co.uk site, i notice I have a e-mail in the site inbox: http://www.youfucktard.com/xsp/ratemyscene4.jpg LoL!