Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12826
HistoryMay 26, 2006 - 12:00 a.m.

iFdate v1.2

2006-05-2600:00:00
vulners.com
9
JSON

((sorry if youget this twice, the reply page timed out))

iFdate v1.2

Homepage:

http://www.ifusionservices.co.uk/products/product_ifdate.php

Description:
Packed full of great features, it supports themes and looks sleek, your users will be able to create &
customize their very own profile page, upload pictures, rate users, create blogs. You can even upgrade them
to premium tools and so much more, iFdate gives you the best performance on what a community site needs!

Effected files:
all input boxes

XSS attack is possible if you put this in the login box as username and pw:

'';!–"<XSS>=&{()}'';!–"<XSS>=&{()}<IMG
SRC=javascript:alert(&#0000039XSS&#0000039)>'';!–"<XSS>=&{()}'';!–"<XSS>=&{()}

It should also be noted that all input boxes on the site for editing your profile, sending messages, posting
in the forum, along with any other input box that doesnt sanatize user input before dynamically generating it
isvulnerable.

JSON