XSSed: softerpore.com

June 21, 2009

New blog, new XSS…
Today I found an internet shop which is doing a lot of comment spamming in blogs etc… -> http://www.softerpore.com
It did not take long to find an XSS hole in the registration page:
Just post
to http://www.softerpore.com/registration/

Or enter
"><SCrIPT>alert("Yes, I'm vulnerable to XSS")</SCrIPT>
into whichever input box you like.
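The leading `">` in that string only works when the page writes the submitted value back into a quoted `value="…"` attribute without encoding it. The sketch below is an added example, not code from the post or from the site: the form markup and the `username` field name are assumptions. It renders the same input both ways and uses Python's HTML parser to show what a browser-like parser sees in each case.

```python
import html
from html.parser import HTMLParser

# The string quoted in the post, used here as test input.
PAYLOAD = '"><SCrIPT>alert("Yes, I\'m vulnerable to XSS")</SCrIPT>'

# Hypothetical registration form; the real site's markup is not shown in the post.
FORM = '<form method="post"><input type="text" name="username" value="{}"></form>'


def render_unsafe(username: str) -> str:
    """Flawed pattern: the submitted value is echoed back unencoded."""
    return FORM.format(username)


def render_safe(username: str) -> str:
    """Encode &, <, >, " and ' so the value cannot close the attribute."""
    return FORM.format(html.escape(username, quote=True))


class _Audit(HTMLParser):
    """Collect every start tag and the input's value as the parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")


def audit(markup: str):
    """Return (list of start tags, decoded value attribute of the input)."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.value


if __name__ == "__main__":
    print("unsafe:", audit(render_unsafe(PAYLOAD)))
    print("safe:  ", audit(render_safe(PAYLOAD)))
```

With the unencoded render the parser finds a `script` element and an empty `value`; with the encoded render it finds only `form` and `input`, and the full submitted string stays inside the attribute as data.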


And no… I will not give damn spammers a link to their website, you have to copy & paste… And in this case I will not send a notice to the administrator. He has enough to do with spamming etc., I don’t want to disturb him…

