XSS in WeChall

There was an XSS flaw found in the WeChall website.

Quote from kwisatz:

index.php?mo=GWF&me=<script>alert(1)</script>&ajax=1

was prone to XSS.

The ajax=1 parameter turned everything vulnerable to XSS, because the content is output as plaintext (no htmlspecialchars), but the Content-Type: text/plain header was missing.

I want to thank kwisatz for finding and reporting this flaw, which affects pretty much all of my websites :^)

Greetings
gizmore
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Nov 03, 2011 - 04:18:29
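An added illustration of the bug class described above (example code, not WeChall's or the GWF framework's own): a minimal handler whose ajax branch skips escaping because the author intended a text/plain response but never sent the header, beside the fixed form. The parameter names mo, me and ajax are taken from the quoted URL; the function names are assumptions.

```php
<?php
// Added example, not code from the original thread or from GWF.
// Both functions return ['headers' => [...], 'body' => '...'] for the
// given query parameters; emit() at the bottom actually sends them.

// Vulnerable form: the ajax branch relies on the response being plain
// text and therefore skips htmlspecialchars, but no Content-Type header
// is ever sent. The browser then defaults to text/html and executes a
// <script> reflected from the "me" parameter.
function render_vulnerable(array $get): array
{
    $body = 'Module: ' . ($get['mo'] ?? '') . ' / Method: ' . ($get['me'] ?? '');
    if (isset($get['ajax'])) {
        return ['headers' => [], 'body' => $body];   // missing Content-Type
    }
    return [
        'headers' => ['Content-Type: text/html; charset=utf-8'],
        'body'    => htmlspecialchars($body, ENT_QUOTES, 'UTF-8'),
    ];
}

// Fixed form: state the content type explicitly (charset included, so the
// browser cannot reinterpret the bytes) and forbid MIME sniffing, so the
// reflected value is rendered as inert text rather than parsed as HTML.
function render_fixed(array $get): array
{
    $body = 'Module: ' . ($get['mo'] ?? '') . ' / Method: ' . ($get['me'] ?? '');
    if (isset($get['ajax'])) {
        return [
            'headers' => [
                'Content-Type: text/plain; charset=utf-8',
                'X-Content-Type-Options: nosniff',
            ],
            'body' => $body,
        ];
    }
    return [
        'headers' => ['Content-Type: text/html; charset=utf-8'],
        'body'    => htmlspecialchars($body, ENT_QUOTES, 'UTF-8'),
    ];
}

function emit(array $response): void
{
    foreach ($response['headers'] as $h) {
        header($h);
    }
    echo $response['body'];
}

emit(render_fixed($_GET));
```

Requesting index.php?mo=GWF&me=%3Cscript%3Ealert(1)%3C/script%3E&ajax=1 against the fixed handler shows the literal tag in the browser; with the vulnerable one it runs, which is the behaviour kwisatz reported.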