Open Source and information security mailing list archives
Date: 10 Jun 2006 00:57:52 -0000
From: charlie@...hackersplace.org
To: bugtraq@...urityfocus.com
Subject: GamePlay.co.uk XSS

Homepage: www.gameplay.co.uk

Example:
http://shop.gameplay.co.uk/webstore/advanced_search.asp?Keyword=&terms=!&badterm=<script>alert(document.cookie)</script>

Also...

The current password is not necessary for a successful password change for members of gameplay.co.uk which makes changing passwords through scripts as easy as tying your shoe lace. (https://shop.gameplay.co.uk/gameplay/changepassword.asp)

I tried emailing these clowns about their silly flaws, but I had no joy.

Charlie.
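
The two fixes the report above calls for, as an added example that is not part of the original post and not the site's code: HTML-encode the reflected badterm value, and refuse a password change unless the current password is verified, so a scripted request riding an existing session cannot set a new one. The function names, the Account class and the "Ignored search term" wording are hypothetical; the sample input is the payload from the post's example URL.

```python
import hashlib
import hmac
import html
import os

# Constructed sample input: the badterm value from the post's example URL.
SAMPLE_BADTERM = "<script>alert(document.cookie)</script>"


def render_badterm_unsafe(badterm: str) -> str:
    """Reflects the parameter verbatim, the behaviour the post reports."""
    return "<p>Ignored search term: " + badterm + "</p>"


def render_badterm_safe(badterm: str) -> str:
    """HTML-encodes the parameter so the browser renders it as text, not markup."""
    return "<p>Ignored search term: " + html.escape(badterm, quote=True) + "</p>"


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash; the iteration count is an assumption for this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Account:
    """Hypothetical account record holding only a salted password hash."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)

    def check_password(self, candidate: str) -> bool:
        # Constant-time comparison of the derived hashes.
        return hmac.compare_digest(self.pw_hash, hash_password(candidate, self.salt))

    def change_password(self, current: str, new: str) -> bool:
        """Changes the password only if the current one is supplied and correct."""
        if not self.check_password(current):
            return False  # leave the stored hash untouched
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(new, self.salt)
        return True
```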