VampireFreaks journal XSS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: VampireFreaks journal XSS
From: nanoymaster@xxxxxxxxx
Date: 12 Jun 2006 23:57:58 -0000

yes the journal is exploitable aswell

there seem to be no filters on the journal title so you can simply put: "><script>alert('XSS')</script>

also the other places where you can update your journal etc. don't filter anything

proof:
http://vampirefreaks.com/journal.php?u=NanoyMaster

Prev by Date: Re: Ie opera dos exploit
Next by Date: Facetherating.com - XSS & session disclosure
Previous by thread: Ratemylook.co.uk - XSS with session disclosure
Next by thread: Facetherating.com - XSS & session disclosure
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux