<<< Date Index >>>     <<< Thread Index >>>

Ratescene.co.uk - XSS with session disclosure



Ratescene.co.uk

Homepage:
http://www.ratescene.co.uk

Affected files:
input boxes of editing your profile
------------------------------------------------

Profile input boxes XSS vuln with cookie disclosure:
Data isn't sanatized, try entering the code below:


<img src=javascript:alert(document.cookie)>

Screenshots:
http://www.youfucktard.com/xsp/ratescene1.jpg
http://www.youfucktard.com/xsp/ratescene2.jpg

--------------------------------------------------

And uh..it seems I can't test this site anymore. Right as i'm testing Isee 
errors start appearing and then I see this:

http://youfucktard.com/xsp/ratescene3.jpg

When going back to that other site; ratemylook.co.uk site, i notice I have a 
e-mail in the site inbox:

http://www.youfucktard.com/xsp/ratemyscene4.jpg

LoL!