TUCoPS :: Web :: Specific Sites :: b06-3111.htm

Cybersocieties.com - XSS & cookie disclosure
Cybersocieties.com - XSS & cookie disclosure
Cybersocieties.com - XSS & cookie disclosure


Cybersocieties.com=0D
=0D
=0D
Homepage:=0D
http://www.cybersocieties.com=0D 
=0D
Effected files:=0D
=0D
* Input boxes in profile:=0D
=0D
- Full name box=0D
- Occupation box=0D
- MSN box=0D
- Yahoo box=0D
- AIM Box=0D
=0D
* Viewing a profile=0D
=0D
------------------------------------------------------=0D
=0D
XSS vuln via input boxes in profile:=0D
=0D
No filter evasion is needed. For PoC try putting the following codesin one of theboxes mentioned above:=0D
=0D
=0D 
or:=0D
=0D
=0D
=0D
or:=0D
=0D
=0D
=0D
etc=0D
=0D
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/cyberso1.jpg=0D 
http://www.youfucktard.com/xsp/cyberso2.jpg=0D 
http://www.youfucktard.com/xsp/cyberso3.jpg=0D 
=0D
Our Cookie:=0D
=0D
This is remote text via xss.js located at youfucktard.com CFTOKEN=544ABB96-138B-14A6-ADAD1496630F53D7; CFID=436305; USERID=28506=0D
=0D
--------------------------------------------------------=0D
Viewing a profile XSS vuln PoC:=0D
=0D
">">">">'>

<"<"<"<"<""><"<'=0D">http://www.cybersocieties.com/index.cfm?fractal=bsw.dsp.home.main&UserID=28506&tab=3">">">">">'>

<"<"<"<"<""><"<'=0D 
=0D
Screenshot:=0D
http://www.youfucktard.com/xsp/cyberso4.jpg

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH