Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13307
HistoryJun 25, 2006 - 12:00 a.m.

Dating biz@ dating script v1.0 - XSS

2006-06-2500:00:00
vulners.com
8
JSON

Custom dating biz@ dating script v1.0

Homepage:
http://www.e-cbd.biz/php_dating_script.html

Affected files:

*Profiles
user_view.php
photo_create.php

The edit profile form can be spoofed and a user can enter any data he wishes and it will update his
profile. The "Choose an opening like and Pople say you look like" input boxes are the only ones that
when entered, will be reviewed by the sites admin. Max char limit stored in the db for each profile box
appears to be 36 chars EXCEPT for the input box "Special Cases". This box is where I will

display our XSS example with the cookie info.

PoC:

<script>alert(document.cookie)</script>

Screenshots:

http://www.youfucktard.com/xsp/ebizdate1.jpg
http://www.youfucktard.com/xsp/ebizdate2.jpg
http://www.youfucktard.com/xsp/ebizdate3.jpg

XSS vuln via user_view.php:

http://www.example.com/user_view.php?u=&lt;iframe&#37;20src=http://ha.ckers.org/scriptlet.html&gt;

XSS vuln on photo_create.php.

Max char limit stored in db is only 32, but data isn't sanatized.

JSON