SF-UsersXSS.txt

2006-05-06T00:00:00
ID PACKETSTORM:46078
Type packetstorm
Reporter Nomenumbra
Modified 2006-05-06T00:00:00

Description

SF-Users V1.0 XSS injection

Discovered by: Nomenumbra
Date: 5/2/2006
Impact: moderate (privilege escalation, possible defacement)

The username with which you sign up isn't properly sanitized, so it's possible to
insert some JavaScript there.

The single quote is filtered so we'll have to use ' or %27. A username like this:

<IMG SRC=javascript:alert(%27!%27)>

would be displayed on the user page as XSS; the rest is left to
your fantasy.

Nomenumbra/[0x4F4C]
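The following is an added example, not part of the advisory and not SF-Users code. It shows why a single-quote denylist leaves the advisory's username intact, next to two fixes: an allowlist at sign-up and HTML encoding at output. Python is used for illustration; the function names and the username policy are assumptions.

```python
import html
import re

# Assumed sign-up policy for this example: 3-32 characters from a fixed set.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")

# The username quoted in the advisory, used here as test input.
ADVISORY_NAME = "<IMG SRC=javascript:alert(%27!%27)>"


def quote_filter(name: str) -> str:
    """The kind of denylist the advisory describes: drop single quotes only."""
    return name.replace("'", "")


def validate_username(name: str) -> bool:
    """Allowlist check at sign-up: accept only names that match the policy."""
    return USERNAME_RE.fullmatch(name) is not None


def render_profile_cell(name: str) -> str:
    """Encode at output so a stored name is always rendered as text."""
    return '<td class="user">' + html.escape(name, quote=True) + "</td>"


def review(names):
    """Return (name, survives_denylist_as_markup, accepted, rendered) rows."""
    rows = []
    for name in names:
        filtered = quote_filter(name)
        still_markup = "<" in filtered or ">" in filtered
        rows.append((name, still_markup, validate_username(name),
                     render_profile_cell(name)))
    return rows


if __name__ == "__main__":
    # Constructed sample set: one ordinary name, one with an apostrophe,
    # and the advisory's username.
    for row in review(["nomenumbra", "O'Brien", ADVISORY_NAME]):
        print(row)
```

Encoding at output is the fix that matters for names already stored; the allowlist only stops new ones at sign-up.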