TUCoPS :: Web :: Specific Sites :: b06-3121.htm

Facetherating.com - XSS & session disclosure
Facetherating.com - XSS & session disclosure
Facetherating.com - XSS & session disclosure


Facetherating.com=0D
=0D
Homepage:=0D
http://www.facetherating.com=0D 
=0D
Affected files:=0D
showprofile.php=0D
=0D
XSS vuln via showprofile.php:=0D
=0D
The site does the typical filtering of adding backslashes to ' and " so We'll try something different this time and use a fromCharCode. =0D
=0D
http://www.facetherating.com/showprofile.php?username=mustang_chick=0D 
=0D
Now to show our cookie:=0D
http://www.facetherating.com/showprofile.php?username=mustang_chick=0D 
=0D
Screenshots:=0D
=0D
http://www.youfucktard.com/xsp/facerate1.jpg=0D 
http://www.youfucktard.com/xsp/facerate2.jpg=0D 
=0D
Unfortunately, my profile wasn't approved (lol) so I can't test anymore sections of the siteright now.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH