Ratescene.co.uk Homepage: http://www.ratescene.co.uk Affected files: input boxes of editing your profile ------------------------------------------------ Profile input boxes XSS vuln with cookie disclosure: Data isn't sanatized, try entering the code below: <img src=javascript:alert(document.cookie)> Screenshots: http://www.youfucktard.com/xsp/ratescene1.jpg http://www.youfucktard.com/xsp/ratescene2.jpg -------------------------------------------------- And uh..it seems I can't test this site anymore. Right as i'm testing Isee errors start appearing and then I see this: http://youfucktard.com/xsp/ratescene3.jpg When going back to that other site; ratemylook.co.uk site, i notice I have a e-mail in the site inbox: http://www.youfucktard.com/xsp/ratemyscene4.jpg LoL!
