| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 15 Jun 2006 06:54:18 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: B3ta.com - XSS with cookie disclosure B3ta.com Homepage: http://www.b3ta.com Affected files: Input boxes of your profile XSS vuln with cookie disclosure via Profile: box. Data isn't correctly sanatized before being generated. We can bypass the filters of the site one way by using img tags and converting our javascript to UTF-8 unicode. PoC: <IMG SRC=javascript:alert(document.cookie)> Screenshots: http://www.youfucktard.com/xsp/b3ta1.jpg http://www.youfucktard.com/xsp/b3ta2.jpg
Powered by blists - more mailing lists