TUCoPS :: Web :: Specific Sites :: b06-2896.htm

Mydeardiary.com - XSS
Mydeardiary.com - XSS
Mydeardiary.com - XSS


Mydeardiary.com=0D
=0D
Homepage:=0D
http://www.mydeardiary.com=0D 
=0D
Effected files:=0D
search input boxes=0D
Adding new diary entries=0D
--------------------------------------=0D
=0D
We create our XSS example by ending quotes with tags  before and after:=0D
">">">'><"<"<"<"<"=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/mydear1.jpg=0D 
http://www.youfucktard.com/xsp/mydear2.jpg=0D 
=0D
------------------------------------=0D
=0D
Adding new diary entries XSS vuln:=0D
=0D
In the main inputboxof adding a new entry, we can simply put:  =0D 
=0D
to create our XSS example. No filtering needed. When viewing the entry, no popup will occur, but when you go back =0D
=0D
and save the entry again then view the entry, you'll see it.=0D
=0D
Screenshots:=0D
=0D
http://www.youfucktard.com/xsp/mydear3.jpg=0D 
http://www.youfucktard.com/xsp/mydear4.jpg=0D 
http://www.youfucktard.com/xsp/mydear5.jpg=0D 
http://www.youfucktard.com/xsp/mydear6.jpg=0D 
=0D
Now, to get the popup when viewing the entry instead of just when editing it, we can use  tags instead of script =0D
=0D
tags:=0D
=0D
=0D
=0D
or try:=0D
=0D
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH