| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Jun 2007 12:58:59 +0200 From: Florian Stinglmayr <fstinglmayr@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: XSS in Space4k.[pl|fr|com|de|it] Application: Space4k Web Site: http://www.space4k.[pl|fr|com|de|it] Bug: XSS (Cross site Scripting) Discoverer: Florian Stinglmayr Date: 2007-06-07 ---------------------------------------------------------------------- Description: ============ Space4K is a massive multiplayer online game game which can be played via the browser. Space4k has several divisions for different countries, e.g. .de for German speaking users, .com for English speaking countries and so forth. Space4k is being developed by GameForge AG. Flaw: ===== The login.php has a GET variable named "error" which is used to display a string to the user in case of an error, e.g. "Username wrong.". This variable is being send to the user without proper sanitizing. A malicious user is able to include arbitrary HTML/Javascript by using this variable. POC: ==== http://space4k.com/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E http://space4k.de/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E http://space4k.fr/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E http://space4k.it/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E http://space4k.pl/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E Vulnerable Sites: ================= http://www.space4k.de http://www.space4k.com http://www.space4k.fr http://www.space4k.it http://www.space4k.pl Regards, Florian Stinglmayr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists