| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 22 Jun 2006 23:13:20 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: Dating biz@ dating script v1.0 - XSS Custom dating biz@ dating script v1.0 Homepage: http://www.e-cbd.biz/php_dating_script.html Affected files: *Profiles user_view.php photo_create.php --------------------------------- The edit profile form can be spoofed and a user can enter any data he wishes and it will update his profile. The "Choose an opening like and Pople say you look like" input boxes are the only ones that when entered, will be reviewed by the sites admin. Max char limit stored in the db for each profile box appears to be 36 chars EXCEPT for the input box "Special Cases". This box is where I will display our XSS example with the cookie info. PoC: <script>alert(document.cookie)</script> Screenshots: http://www.youfucktard.com/xsp/ebizdate1.jpg http://www.youfucktard.com/xsp/ebizdate2.jpg http://www.youfucktard.com/xsp/ebizdate3.jpg ----------------------------------- XSS vuln via user_view.php: http://www.example.com/user_view.php?u=<iframe%20src=http://ha.ckers.org/scriptlet.html> ---------------------------------- XSS vuln on photo_create.php. Max char limit stored in db is only 32, but data isn't sanatized. ---------------------------------
Powered by blists - more mailing lists