BugTraq
Back to list
|
Post reply
VampireFreaks journal XSS
Jun 12 2006 11:57PM
nanoymaster gmail com
yes the journal is exploitable aswell
there seem to be no filters on the journal title so you can simply put: "><script>alert('XSS')</script>
also the other places where you can update your journal etc. don't filter anything
proof:
http://vampirefreaks.com/journal.php?u=NanoyMaster
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
there seem to be no filters on the journal title so you can simply put: "><script>alert('XSS')</script>
also the other places where you can update your journal etc. don't filter anything
proof:
http://vampirefreaks.com/journal.php?u=NanoyMaster
[ reply ]