B3ta.com suffers from a cross site scripting flaw.
B3ta.com
Homepage:
http://www.b3ta.com
Affected files:
Input boxes of your profile
XSS vuln with cookie disclosure via Profile: box.
Data isn't correctly sanitized before being written into the page. One way to bypass the site's filters is to use img tags and convert the JavaScript to UTF-8 Unicode. PoC:
<IMG SRC=javascript:alert(document.cookie)>
Screenshots:
http://www.youfucktard.com/xsp/b3ta1.jpg
http://www.youfucktard.com/xsp/b3ta2.jpg
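
The filter weakness described above, shown from the defending side as an added example (this is not code from B3ta.com or from the advisory's author): a blacklist that inspects the raw string misses an encoded scheme, while decoding to the canonical form first and then allowlisting the scheme rejects it. The function names, the allowed-scheme set and the sample values are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption: profile images must be absolute http(s) URLs.
ALLOWED_SCHEMES = {"http", "https"}


def naive_filter_allows(value: str) -> bool:
    """Blacklist on the raw input: the kind of check encoded input slips past."""
    return "javascript:" not in value.lower()


def canonical_url(value: str) -> str:
    """Return the form a browser would act on.

    Character references are decoded until the string stops changing, then
    whitespace and control characters are dropped, since browsers ignore
    them when working out the URL scheme.
    """
    previous = None
    while previous != value:
        previous, value = value, html.unescape(value)
    return re.sub(r"[\x00-\x20\x7f]", "", value)


def safe_img_src(value: str) -> bool:
    """Allowlist the scheme of the canonical form; relative URLs are rejected."""
    return urlsplit(canonical_url(value)).scheme.lower() in ALLOWED_SCHEMES


# Constructed sample inputs (not taken from the site).
SAMPLES = {
    "plain": "javascript:alert(document.cookie)",
    "encoded": "&#106;avascript:alert(document.cookie)",
    "benign": "http://example.com/avatar.png",
}


def evaluate(samples=SAMPLES):
    """Map each sample name to (naive filter allows, allowlist allows)."""
    return {name: (naive_filter_allows(v), safe_img_src(v))
            for name, v in samples.items()}


if __name__ == "__main__":
    for name, (naive, strict) in evaluate().items():
        print(f"{name:8} naive_allows={naive} allowlist_allows={strict}")
```

Scheme validation complements escaping the value when it is written into the attribute; it does not replace it.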