BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
P.A.I.D v2.2
Jun 09 2006 10:05AM
luny youfucktard com
P.A.I.D v2.2
Homepage:
http://www.webexceluk.net
Effected files:
faq.php
input form of logging in.
index.php
The input forms of logging into My Account do not sanatize user input. For PoC of a XSS attack simply put in:
"><IMG SRC=javascript:alert('XSS')><"
It also seems when logging...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
Homepage:
http://www.webexceluk.net
Effected files:
faq.php
input form of logging in.
index.php
The input forms of logging into My Account do not sanatize user input. For PoC of a XSS attack simply put in:
"><IMG SRC=javascript:alert('XSS')><"
It also seems when logging...
[ more ]