
XSS in

I found this little XSS thing with the search.aspx page of
The page uses the GET method to get user criteria for searching the
profiles of people.
The fields textboxAgeFrom and textboxAgeTo in the URL are not verified,
and one can inject any HTML code using these parameters.
Proof of concept: &degree=radioAll&hiddenState=&hiddenCountry=91&view=&pno=1

Note: You should be logged in to orkut to access this page.

"if you don't know where you are going,
what difference does it make, which path you take"
---Cheshire Cat
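
The unvalidated age fields described above, as an added example that is not part of the original advisory or the site's code: a Python sketch showing the raw reflection beside a handler that accepts only in-range integers and HTML-encodes what it echoes. The age bounds, the `<input>` markup and the function names are assumptions; the sample query string is constructed.

```python
import html
from urllib.parse import parse_qs

AGE_FIELDS = ("textboxAgeFrom", "textboxAgeTo")
AGE_MIN, AGE_MAX = 18, 120  # assumed bounds, not taken from the site


def parse_age(raw):
    """Return the age as int, or None if raw is not a plain in-range integer."""
    # isascii() + isdigit() rejects signs, whitespace, Unicode digits and markup.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 3):
        return None
    value = int(raw)
    return value if AGE_MIN <= value <= AGE_MAX else None


def render_vulnerable(query):
    """The flaw described above: the raw parameter is written into the page."""
    params = parse_qs(query, keep_blank_values=True)
    return "".join(
        '<input name="%s" value="%s">' % (f, params.get(f, [""])[0])
        for f in AGE_FIELDS
    )


def render_hardened(query):
    """Validate each age as an integer, then HTML-encode whatever is echoed."""
    params = parse_qs(query, keep_blank_values=True)
    parts, errors = [], []
    for f in AGE_FIELDS:
        age = parse_age(params.get(f, [""])[0])
        if age is None:
            errors.append(f)
            shown = ""  # never echo a rejected value back
        else:
            shown = str(age)
        parts.append('<input name="%s" value="%s">' % (f, html.escape(shown, quote=True)))
    return "".join(parts), errors


# Constructed input: a harmless marker element stands in for injected HTML.
SAMPLE = "textboxAgeFrom=18&textboxAgeTo=30%22%3E%3Cb%3Einjected%3C%2Fb%3E"

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE))
    print(render_hardened(SAMPLE))
```

The hardened handler treats a missing or empty age as an error; a search form that allows open-ended ranges would need to accept the empty string explicitly before the integer check.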
