Ratescene.co.uk - XSS with session disclosure
Ratescene.co.uk
Homepage:
http://www.ratescene.co.uk
Affected files:
input boxes of editing your profile
------------------------------------------------
Profile input boxes XSS vuln with cookie disclosure:
Data isn't sanatized, try entering the code below:
<img src=javascript:alert(document.cookie)>
Screenshots:
http://www.youfucktard.com/xsp/ratescene1.jpg
http://www.youfucktard.com/xsp/ratescene2.jpg
--------------------------------------------------
And uh..it seems I can't test this site anymore. Right as i'm testing Isee
errors start appearing and then I see this:
http://youfucktard.com/xsp/ratescene3.jpg
When going back to that other site; ratemylook.co.uk site, i notice I have a
e-mail in the site inbox:
http://www.youfucktard.com/xsp/ratemyscene4.jpg
LoL!