[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Dating biz@ dating script v1.0 - XSS
From:       luny () youfucktard ! com
Date:       2006-06-22 23:13:20
Message-ID: 20060622231320.4328.qmail () securityfocus ! com

Custom dating biz@ dating script v1.0

Homepage:
http://www.e-cbd.biz/php_dating_script.html

Affected files:

*Profiles
user_view.php
photo_create.php
---------------------------------

The edit profile form can be spoofed, so a user can enter any data he wishes and it
will update his profile. The "Choose an opening like" and "People say you look like"
input boxes are the only ones that, when entered, will be reviewed by the site's admin.
The max char limit stored in the db for each profile box appears to be 36 chars, EXCEPT
for the "Special Cases" input box. This box is where I will display our XSS example
with the cookie info.

PoC:

<script>alert(document.cookie)</script>


Screenshots:

http://www.youfucktard.com/xsp/ebizdate1.jpg
http://www.youfucktard.com/xsp/ebizdate2.jpg
http://www.youfucktard.com/xsp/ebizdate3.jpg

-----------------------------------

XSS vuln via user_view.php:

http://www.example.com/user_view.php?u=<iframe%20src=http://ha.ckers.org/scriptlet.html>


----------------------------------

XSS vuln on photo_create.php.

Max char limit stored in the db is only 32, but the data isn't sanitized.
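The three findings above share one root cause: profile values and the user_view.php "u" parameter are written into the page without HTML encoding, and the per-field length limits are only enforced by the form. The following is an added example (not code from the e-cbd dating script): a hypothetical user_view.php render routine in its vulnerable form beside a hardened one, plus the server-side length check a spoofable form needs. The parameter name "u" and the PoC inputs come from the advisory; the field name, the $db_profile array and the function names are assumptions.

```php
<?php
// Constructed sample values standing in for the request and the database row.
$_GET['u'] = '<iframe src=http://ha.ckers.org/scriptlet.html>';   // PoC input from the advisory
$db_profile = ['special_cases' => '<script>alert(document.cookie)</script>']; // stored PoC

// Vulnerable pattern: untrusted input is echoed straight into the HTML.
function render_vulnerable(string $u, array $profile): string {
    return "<h1>Profile of $u</h1>\n"
         . "<p>Special cases: {$profile['special_cases']}</p>\n";
}

// Hardened: every untrusted value is HTML-encoded at the point of output.
// ENT_QUOTES also encodes ' and " so the value is safe inside attributes too.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_hardened(string $u, array $profile): string {
    return "<h1>Profile of " . h($u) . "</h1>\n"
         . "<p>Special cases: " . h($profile['special_cases']) . "</p>\n";
}

// The edit-profile form can be spoofed, so the 36/32-character limits the form
// applies must be re-checked on the server before the value is stored. A length
// limit alone does not prevent XSS; the output encoding above is the actual fix.
function validate_profile_field(string $value, int $max_len): ?string {
    if (mb_strlen($value, 'UTF-8') > $max_len) {
        return null;            // reject rather than silently truncating
    }
    return $value;
}

echo render_vulnerable($_GET['u'], $db_profile); // iframe and script tags land in the page as markup
echo render_hardened($_GET['u'], $db_profile);   // &lt;iframe ...&gt; and &lt;script&gt; are shown as text
var_dump(validate_profile_field(str_repeat('a', 40), 36)); // NULL: over the 36-char limit
```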

---------------------------------


