BugTraq
Back to list
|
Post reply
Ratescene.co.uk - XSS with session disclosure
Jun 13 2006 10:26AM
luny youfucktard com
Ratescene.co.uk
Homepage:
http://www.ratescene.co.uk
Affected files:
input boxes of editing your profile
------------------------------------------------
Profile input boxes XSS vuln with cookie disclosure:
Data isn't sanatized, try entering the code below:
<img src=javascript:alert(document.cookie)>
Screenshots:
http://www.youfucktard.com/xsp/ratescene1.jpg
http://www.youfucktard.com/xsp/ratescene2.jpg
--------------------------------------------------
And uh..it seems I can't test this site anymore. Right as i'm testing Isee errors start appearing and then I see this:
http://youfucktard.com/xsp/ratescene3.jpg
When going back to that other site; ratemylook.co.uk site, i notice I have a e-mail in the site inbox:
http://www.youfucktard.com/xsp/ratemyscene4.jpg
LoL!
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Homepage:
http://www.ratescene.co.uk
Affected files:
input boxes of editing your profile
------------------------------------------------
Profile input boxes XSS vuln with cookie disclosure:
Data isn't sanatized, try entering the code below:
<img src=javascript:alert(document.cookie)>
Screenshots:
http://www.youfucktard.com/xsp/ratescene1.jpg
http://www.youfucktard.com/xsp/ratescene2.jpg
--------------------------------------------------
And uh..it seems I can't test this site anymore. Right as i'm testing Isee errors start appearing and then I see this:
http://youfucktard.com/xsp/ratescene3.jpg
When going back to that other site; ratemylook.co.uk site, i notice I have a e-mail in the site inbox:
http://www.youfucktard.com/xsp/ratemyscene4.jpg
LoL!
[ reply ]