Bugtraq mailing list archives
B3ta.com - XSS with cookie disclosure
From: luny () youfucktard com
Date: 15 Jun 2006 06:54:18 -0000
B3ta.com Homepage: http://www.b3ta.com Affected files: Input boxes of your profile XSS vuln with cookie disclosure via Profile: box. Data isn't correctly sanatized before being generated. We can bypass the filters of the site one way by using img tags and converting our javascript to UTF-8 unicode. PoC: <IMG SRC=javascript:alert(document.cookie)> Screenshots: http://www.youfucktard.com/xsp/b3ta1.jpg http://www.youfucktard.com/xsp/b3ta2.jpg
Current thread:
- B3ta.com - XSS with cookie disclosure luny (Jun 18)