b3ta.txt

2006-06-25T00:00:00
ID PACKETSTORM:47613
Type packetstorm
Reporter Luny
Modified 2006-06-25T00:00:00

Description

                                        
`B3ta.com  
  
Homepage:  
http://www.b3ta.com  
  
Affected files:  
Input boxes of your profile  
  
  
XSS vuln with cookie disclosure via Profile: box.  
  
Input isn't correctly sanitized before it is rendered into the page. One way to bypass the site's filters is to use img tags and convert the JavaScript to UTF-8 Unicode. PoC:  
  
<IMG SRC=javascript:alert(document.cookie)>  
  
Screenshots:  
  
http://www.youfucktard.com/xsp/b3ta1.jpg  
http://www.youfucktard.com/xsp/b3ta2.jpg  
`
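
Added example, not part of the original advisory or of b3ta's code: a server-side check that normalizes an img src value before allow-listing its scheme, then escapes it on output, so an encoded form of the PoC above is judged by what the browser would act on. It assumes the encoding is HTML numeric character references; the function names, the allowed schemes and the sample values are constructed for illustration.

```python
import html
import re

ALLOWED_SCHEMES = {"http", "https"}          # assumption: profile images need nothing else
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
_LEADING = "".join(map(chr, range(0x21)))    # C0 control characters and space

def normalize_url(raw):
    """Reduce an attribute value to the form a browser would act on."""
    value = raw
    for _ in range(5):                       # decode until stable; stricter than one browser pass
        decoded = html.unescape(value)       # handles &#106; &#0000106 &#x6a; and named references
        if decoded == value:
            break
        value = decoded
    value = re.sub(r"[\t\r\n]", "", value)   # URL parsers drop tab/CR/LF anywhere in the URL
    return value.lstrip(_LEADING)

def is_safe_img_src(raw):
    """Allow relative URLs and allow-listed schemes only, judged after normalization."""
    match = _SCHEME.match(normalize_url(raw))
    return match is None or match.group(1).lower() in ALLOWED_SCHEMES

def render_img(raw):
    """Return an escaped img tag, or None when the source is rejected."""
    if not is_safe_img_src(raw):
        return None
    return '<img src="%s">' % html.escape(normalize_url(raw), quote=True)

def char_refs(text):
    """Encode text as decimal character references (used to build test input)."""
    return "".join("&#%d;" % ord(c) for c in text)

# Constructed sample inputs: the advisory's PoC value, encoded variants, benign URLs.
SAMPLES = [
    "javascript:alert(document.cookie)",
    char_refs("javascript:") + "alert(document.cookie)",
    " JaVa\tScRiPt:alert(document.cookie)",
    "https://example.com/a.jpg?x=1&y=2",
    "images/avatar.png",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-5s %r" % (is_safe_img_src(sample), sample))
```

A filter that matches the literal string "javascript:" in the raw input passes the second and third samples; checking the normalized value rejects all three.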