Username: 
Password: 
Restrict session to IP 

XSS in WeChall

Global Rank: 252
Totalscore: 87267
Posts: 1635
Thanks: 1337
UpVotes: 886
Registered: 16y 43d




Last Seen: 12h 54m
The User is Offline
XSS in WeChall
Google/translate16Thank You!1Good Post!16Bad Post! link
There was an XSS flaw found in the wechall website.

Quote from kwisatz

index.php?mo=GWF&me=<script>alert(1)</script>&ajax=1


was prone to XSS.

The ajax=1 parameter turned everything vulnerable to XSS, because the content type is plaintext(no htmlspecialchars), but the header was missing.(content-type:text/plain).

I want to thank kwisatz for finding and reporting this flaw which affects pretty all of my websites :^)

Greetings
gizmore
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Nov 03, 2011 - 04:18:29
tunelko, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 4399 times.