B3ta.com - XSS with cookie disclosure
B3ta.com
Homepage: http://www.b3ta.com
Affected files: Input boxes of your profile
XSS vuln with cookie disclosure via the Profile: box.
Data isn't correctly sanitized before the page is generated. One way to bypass
the site's filters is to use img tags and convert our javascript to
UTF-8 unicode. PoC:
<IMG SRC=javascript:alert(document.cookie)>
Screenshots:
http://www.youfucktard.com/xsp/b3ta1.jpg
http://www.youfucktard.com/xsp/b3ta2.jpg
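
Defensive illustration of the filter weakness described above (an added example, not code from the advisory or from b3ta.com): a check that searches the raw input for a literal string misses the encoded form, while a check that decodes first and allowlists the scheme rejects it. It assumes the "UTF-8 unicode" conversion means HTML numeric character references; the function names and the sample values are constructed for this example.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption for this example: profile images may only be absolute http(s) URLs.
ALLOWED_SCHEMES = {"http", "https"}

# Control characters and whitespace, which lenient parsers may skip inside a scheme name.
_IGNORED = re.compile(r"[\x00-\x20\x7f]+")

# Constructed sample: the PoC's SRC value with every character written as a
# decimal character reference (&#106;&#97;&#118;...).
ENCODED_SRC = "".join(f"&#{ord(c)};" for c in "javascript:alert(document.cookie)")
# Constructed sample: a tab reference splitting the scheme name.
SPLIT_SRC = "jav&#9;ascript:alert(document.cookie)"


def naive_is_safe(src: str) -> bool:
    """Weak check: looks for the literal scheme in the undecoded input."""
    return "javascript:" not in src.lower()


def canonical_src(src: str) -> str:
    """Decode character references until the value is stable, then drop
    ignorable characters, so the check sees what a browser would act on."""
    previous = None
    while previous != src:
        previous = src
        src = html.unescape(src)
    return _IGNORED.sub("", src)


def hardened_is_safe(src: str) -> bool:
    """Allowlist the scheme of the canonical value; anything else is refused,
    including relative URLs and values with no scheme."""
    scheme = urlsplit(canonical_src(src)).scheme.lower()
    return scheme in ALLOWED_SCHEMES


if __name__ == "__main__":
    for sample in (ENCODED_SRC, SPLIT_SRC, "https://example.com/avatar.png"):
        print(f"naive={naive_is_safe(sample)!s:5} "
              f"hardened={hardened_is_safe(sample)!s:5} {sample[:40]}")
```

Scheme validation on input complements, and does not replace, HTML-escaping the attribute value when the profile is written into the page.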