Ratescene.co.uk - XSS with session disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Ratescene.co.uk - XSS with session disclosure
From: luny@xxxxxxxxxxxxxxx
Date: 13 Jun 2006 10:26:49 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Ratescene.co.uk

Homepage:
http://www.ratescene.co.uk

Affected files:
input boxes of editing your profile
------------------------------------------------

Profile input boxes XSS vuln with cookie disclosure:
Data isn't sanatized, try entering the code below:


<img src=javascript:alert(document.cookie)>

Screenshots:
http://www.youfucktard.com/xsp/ratescene1.jpg
http://www.youfucktard.com/xsp/ratescene2.jpg

--------------------------------------------------

And uh..it seems I can't test this site anymore. Right as i'm testing Isee 
errors start appearing and then I see this:

http://youfucktard.com/xsp/ratescene3.jpg

When going back to that other site; ratemylook.co.uk site, i notice I have a 
e-mail in the site inbox:

http://www.youfucktard.com/xsp/ratemyscene4.jpg

LoL!

Prev by Date: Cybersocieties.com - XSS & cookie disclosure
Next by Date: Macworld.com - XSS vulnerability
Previous by thread: Cybersocieties.com - XSS & cookie disclosure
Next by thread: Macworld.com - XSS vulnerability
Index(es):
- Date
- Thread