Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Specific Sites :: b06-2910.htm

Wanderlist.com - XSS vuln with sessions disclosure



Wanderlist.com - XSS vuln with sessions disclosure
Wanderlist.com - XSS vuln with sessions disclosure



Wanderlist.com=0D
=0D
Homepage:=0D
http://www.wanderlist.com=0D 
=0D
search.cgi=0D
Search box input=0D
adding a item to a list=0D
=0D
Search.cgi XSS vuln with sessions disclosure:=0D
=0D
By putting a few ending opening tags with quotes beforeand after,we are able create a XSS example:=0D
">">">'<""><'<"=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/wander1.jpg=0D 
http://www.youfucktard.com/xsp/wander2.jpg=0D 
=0D
---------------------=0D
=0D
Adding item to a list XSS vuln with sessions disclosure:=0D
=0D
In the New list item input box put:=0D
">">">'<""><'<"=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/wander3.jpg=0D 
http://www.youfucktard.com/xsp/wander4.jpg=0D 
http://www.youfucktard.com/xsp/wander5.jpg 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH