BugTraq
Back to list
|
Post reply
B3ta.com - XSS with cookie disclosure
Jun 15 2006 06:54AM
luny youfucktard com
B3ta.com
Homepage:
http://www.b3ta.com
Affected files:
Input boxes of your profile
XSS vuln with cookie disclosure via Profile: box.
Data isn't correctly sanatized before being generated. We can bypass the filters of the site one way by using img tags and converting our javascript to UTF-8 unicode. PoC:
<IMG SRC=javascript:&#
x61;lert(docume&#
x6E;t.cookie)>
Screenshots:
http://www.youfucktard.com/xsp/b3ta1.jpg
http://www.youfucktard.com/xsp/b3ta2.jpg
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Homepage:
http://www.b3ta.com
Affected files:
Input boxes of your profile
XSS vuln with cookie disclosure via Profile: box.
Data isn't correctly sanatized before being generated. We can bypass the filters of the site one way by using img tags and converting our javascript to UTF-8 unicode. PoC:
<IMG SRC=javascript:&#
x61;lert(docume&#
x6E;t.cookie)>
Screenshots:
http://www.youfucktard.com/xsp/b3ta1.jpg
http://www.youfucktard.com/xsp/b3ta2.jpg
[ reply ]