Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Full Disclosure: NatterChat 1.12 txtUsername and txtRoomName XSS

NatterChat 1.12 txtUsername and txtRoomName XSS

From: bug squash <bugsquashr_at_gmail.com>
Date: Thu, 20 Nov 2008 17:58:52 -0500

IN THE NAME OF:

                  ( ( (
   ( ( ( )\ ))\ ) ( )\ )
 ( )\( )\ ( )\ (()/(()/(( )\(()/(
 )((_)((_))((_) /(_))(_))((_)/(_))
((_)_(_)_((_)_ (_))(_))((_)_(_))
 | _ ) _ )/ _ \ | _ \_ _|| _ ) __|
 | _ \ _ \ (_) | | /| | | _ \__ \
 |___/___/\__\_\ |_|_\___||___/___/

[»] Author: [ G4N0K the Tard ]

NatterChat 1.12 txtUsername and txtRoomName XSS

Register new user with on register.asp with
"<script>alert(document.cookie)</script>" as the username (txtUsername
post parameter).
Create new chatroom with "<script>alert(document.cookie)</script>" as
the room name (txtRoomName post parameter)

demo:
http://www.natterchat.co.uk/version112/home.asp

===[ Greetz ]===

        [»] BBQ RIBS
        [»] Fat Back Mac and the BBQ Gang
        [»] Tyler Trioxide
        [»] XoRLu
        [»] HUSSAIN-Z
        

        //Are ya looking for something that has plenty of BUGz...!? I know
it... It's a old plate of BBQ in the corner of G4N0K's hut [:-)
        //BBQ RIBS,forgimme...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Nov 20 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]