hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Powerportal Input Validation Hole In Private
GovernmentSecurity.org > The Archives > Exploit Articles
qcred11
Jul 30 2004, 01:58 AM
QUOTE


*********************************************************
************S E C U R I T Y [4] A R A B  N E T************
************- PowerPortal XSS in Private Msg -***************
*********************-  By vamp^ -***********************
*************- vampZ@Hushmail.com -*******************

===== Exploit ======
Tested on last ver
after register in powerportal go to private Msg and send message
title : <script>javascript:alert(document.cookie)</Script>
then if the user join to him msg inbox well show Alert msg with user
and password
( not hashed )
test on yourself send the msg to your inbox

http://powerportal.sourceforge.net

=====Contact =====
vampZ@Hushmail.com



Source: http://www.securitytracker.com/alerts/2004/Jul/1010802.html
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.