It's possible to do a permanent XSS injection on the campus-party.eu website. To do this, when you register on the website through https://www.campus-party.eu/webapp/participante/personalData?to= you need to put your code in the name field, taking into account that it will be converted into caps when reflected. Once done, the code can be found at https://www.campus-party.eu/webapp/participante/loginBox and at https://www.campus-party.eu as long as the user is logged in.

This vulnerability could be used, for example, in phishing attacks to steal user data, amongst other things, by making the user log in with the given data and then asking him to enter an appropriate address.

To make things more interesting, https://www.campus-party.eu/webapp/participante/personalData?to= and https://www.campus-party.eu/webapp/participante/solicitudRestaurarPasswordForm can be used by spammers to check whether a particular e-mail is registered on the website, since they will report back that information. The first one can be used without side effects by entering a single-character password, resulting either in an error regarding password length or in a notice that the e-mail was already registered. The second one can be used just by entering the e-mail and checking the resulting message, but will have the side effect that an e-mail will be sent to registered users asking them to reset their password.

I hope this information is useful,
klondike
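The two issues reported above, seen from the fixing side, as an added example that is not part of the original post and not the site's code: the name is HTML-encoded when the login box is rendered, and the registration and reset handlers give the same on-screen reply for known and unknown addresses. All function names, messages, the in-memory user set and the password policy are assumptions made for illustration.

```python
import html

# Constructed stand-ins for the user table and the outgoing mail queue.
REGISTERED = {"alice@example.org"}
OUTBOX = []

REGISTER_REPLY = "Check your inbox to continue the registration."
RESET_REPLY = "If that address has an account, a reset link has been sent."
MIN_PASSWORD_LEN = 8  # assumed policy value


def render_login_box(stored_name: str) -> str:
    """Upper-case the name as the site does, then HTML-encode at output time."""
    safe = html.escape(stored_name.upper(), quote=True)
    return '<span class="user">' + safe + "</span>"


def register(email: str, password: str) -> str:
    """Reply identically whether or not the e-mail already has an account."""
    # Checks that do not depend on account state run first, so a short
    # password yields the same error for known and unknown addresses.
    if len(password) < MIN_PASSWORD_LEN:
        return "Password too short."
    if email in REGISTERED:
        # Tell the account owner by mail, not the anonymous requester.
        OUTBOX.append((email, "Someone tried to register with your address."))
    else:
        OUTBOX.append((email, "Confirm your address to finish registering."))
    return REGISTER_REPLY


def request_password_reset(email: str) -> str:
    """Same on-screen reply for every address; mail goes only to real accounts."""
    if email in REGISTERED:
        OUTBOX.append((email, "Use this link to reset your password."))
    return RESET_REPLY


if __name__ == "__main__":
    print(render_login_box("<i>visitor</i>"))  # constructed markup input
    for addr in ("alice@example.org", "nobody@example.org"):
        print(addr, "|", register(addr, "x"), "|", request_password_reset(addr))
```

Response timing should also be kept comparable between the two branches, and the reset form rate-limited, since registered users still receive a message for each request.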
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/